GRE(mGRE) and VRF configuration problem

King Jin · ‎02-23-2016

Hey guys,

I meet a problem about setting tunnels with VRF between 6509 and 4507. I created VRF instance/Tunnels on both switches, both tunnels are up but only 6509 can see 4507 via its tunnel, 4507 cannot see 6508 via its tunnel, so i cannot see eigrp nei at 4507 for its VRF. 4507 and 6509 are connected directly via L3-P2P. I do not meet this issue when setting tunnels between 6509s because i can use NHRP. Below shows you the configuration.

6509 Configuration:

6509#sh run int tu8
Building configuration...

Current configuration : 424 bytes
!
interface Tunnel8
description mGRE

ip vrf forwarding test
ip address 172.23.12.129 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1476
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEY
ip nhrp map multicast dynamic
ip nhrp network-id 8
no ip split-horizon eigrp 1
cdp enable
tunnel source Loopback108
tunnel mode gre multipoint
end

6509#sh run int lo108
Building configuration...

Current configuration : 113 bytes
!
interface Loopback108
description mGRE Source Interface
ip address 10.143.0.218 255.255.255.255
end

6509#
6509#sh ip vrf int test

Interface              IP-Address      VRF                              Protocol
Vl1033                 172.23.12.228   test                          up
Tu8                    172.23.12.129   test                          up
6509#
address-family ipv4 vrf test
redistribute static metric 2048 1900 255 1 1500
network 172.23.12.0 0.0.0.255
auto-summary
autonomous-system 1
exit-address-family
!

6509#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
4507
Tunnel8 172 R S I WS-C4507R Tunnel8

4507 configuration:

4507#sh run int tu8
Building configuration...

Current configuration : 353 bytes
!
interface Tunnel8
ip vrf forwarding test

ip address 172.23.12.132 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1476
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEY
cdp enable
tunnel source Loopback108
tunnel destination 10.143.0.218

4507#sh run int lo108
Building configuration...

Current configuration : 95 bytes
!
interface Loopback108
ip address 10.143.0.224 255.255.255.255
end

4507#sh ip vrf int test

Interface              IP-Address      VRF                              Protocol
Vl1033                 172.23.12.231   test                          up
Tu8                    172.23.12.132   test                          up

4507#
address-family ipv4 vrf DMZ-PKG autonomous-system 1
network 172.23.12.0 0.0.0.255
passive-interface default
no passive-interface Tunnel8
exit-address-family

!

4507#sh ip eigrp vrf test neighbors
EIGRP-IPv4 Neighbors for AS(1) VRF(test)
(nothing display here because 4507 cannot see its nei 6509 via its tunnel 8)

System image file is "bootflash:cat4500e-universalk9.SPA.03.03.00.SG.151-1.SG.bin"

Any ideas on this issue?

King Jin · ‎02-23-2016

BTW, from 6509, i can see the 4507 IP 172.23.12.132 from eigrp nei information, but the uptime cannot last over 1 minute, after 1 min, the uptime will back to zero and start again.

6509#show ip eigrp vrf test neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
3   172.23.12.132           Tu8               11 00:01:18    1 5000 1 0
2   172.23.12.130           Tu8               12 2w4d       28 1434 0 8
0   172.23.12.131           Tu8               13 2w4d        9 1434 0 8
1   172.23.12.229           Vl1033            12 17w0d     265 1590 0 7255
6509#show ip eigrp vrf test neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
3   172.23.12.132           Tu8               14 00:00:00    1 2000 1 0
2   172.23.12.130           Tu8               11 2w4d       28 1434 0 8
0   172.23.12.131           Tu8               12 2w4d        9 1434 0 8
1   172.23.12.229           Vl1033            11 17w0d     265 1590 0 7255

Of course, from 6509, 172.23.12.132 cannot be pinged.

King Jin · ‎02-23-2016

One more thing, i noticed that the interface MTU of 4507 tunnel is incorrect although i configured the MTU.

4507#sh int tu8
Tunnel8 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.23.12.132/27
MTU 17900 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.143.0.224 (Loopback108), destination 10.143.0.218
   Tunnel Subblocks:
      src-track:
         Tunnel8 source tracking subblock associated with Loopback108
          Set of tunnels with source Loopback108, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     42834 packets output, 8439260 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets