Why GRE Tunnel Keepalive not working for this scenario??

limtohsoon · ‎05-04-2005

Hi Sir,

I've set up a simple network in a lab to test GRE Tunnel Keepalive which will eventually be configured on a production network. The setup is as follows:

SGB2(Rtr) -----LAN----- SGB1(Rtr) -----WAN----- Router

Referring to attached diagram, a GRE tunnel is formed between SGB2 and SGB1. I'd like the network to behave such that, when the serial link on SGB1 router is down, SGB2 should take down the line protocol of its GRE tunnel interface. I employed the GRE Tunnel Keepalive feature.

Below is my observation:

When the serial link is up, both routers successfully send and receive GRE keepalive packets, and thus the tunnel interfaces are up/up at both ends.

When the serial link is down (by removing the cable), I encountered a problem whereby SGB2 is still receiving keepalive packets from SGB1, and thus its tunnel interface remains up/up. Also attached are debug outputs and config of both routers AFTER the serial link on SGB1 is down.

Please help.

Thank you.

B.Rgds,

Lim TS

Harold Ritter · ‎05-04-2005

This issue can be solved by changing the configuration slightly on SGB2 as follow:

int tun0

tunnel source 10.20.195.93 (instead of se0/0)

This should cause the tunnel interface to go down when s0/0 goes down on SGB2.

Hope this helps

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Richard Burts · ‎05-04-2005

As is frequently the case Harold has an interesting and creative alternative to suggest. If you implement his suggestion I believe that you will achieve your objective.

But I also think that you are asking this feature to do something that it really was not designed to do. You are asking the link between SGB1 and SBG2 to do something reflecting events between SGB2 and router. I believe that you could achieve this in a more general way by using the new feature of Object Tracking.

HTH

Rick

HTH

Rick

limtohsoon · ‎05-05-2005

Hi Harold,

Referring to the same network diagram, I tried your suggestion by altering the tunnel config on SGB1:

!

interface Tunnel0

ip address 11.0.0.2 255.0.0.0

keepalive 3 3

tunnel source 10.20.195.93

tunnel destination 10.20.150.2

!

Likewise, I changed SGB2 as follows:

!

interface Tunnel0

ip address 11.0.0.1 255.0.0.0

keepalive 3 3

tunnel source 10.20.150.2

tunnel destination 10.20.195.93

!

What happened was both ends of the tunnel never went down after the serial link on SGB1 was removed. So I reverted the configurations back to pointing tunnel sources to the interface itself.

After much trial & error, I solved the problem but the solution was more of a workaround and it doesn't seem to make much sense. I solved it by creating an ACL "access-list 100 permit ip any any log-input" and applied it inbound on interface FastEthernet0/0 on SGB1. I guess it's due to IOS bug.

The setup still works if keepalive is only configured on SGB2, and not on SGB1.

Thank you.

B.Rgds,

Lim TS

Harold Ritter · ‎05-05-2005

Sorry for the confusion, in my previous posting I said you had to change SGB2 but I actually meant SGB1.

Have yo tried not changing SGB2 but simply SGB1 as suggested in my previous posting. This should work. I ran a quick test and it worked for me. Every time I shutdown s0/0 the tunnel goes down after 9 seconds (3 keepalives of 3 seconds each).

What version are you running on these routers.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México