Re: OSPF tunneling question

hugh2_nguyen · ‎09-30-2009

Hi,

I configured tunneling for OSPF routers but OSPF does not see further then its neighbor at the tunnel interface. That is, from the configuration below, 192.x.x.10 and 10.1.1.1 on Router4 could ping 142.x.x.10 and 10.1.1.2 on Router5 respectively and vice versa. However, none of the 192.168.x.x nodes on one router could ping any thing on the other router. Would you please give me some advice. Thanks.

-------------------

hostname Router4

!

policy-map FQ

class class-default

fair-queue

!

interface Tunnel0

ip address 10.1.1.1 255.255.255.0

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source GigabitEthernet0/0

tunnel destination 142.x.x.10

!

interface GigabitEthernet0/0

Description external WAN

ip address 192.x.x.10 255.255.255.0

duplex auto

speed auto

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

service-policy output FQ

!

interface GigabitEthernet0/1

Description internal LAN

ip address 192.168.x.40 255.255.255.0

duplex auto

speed auto

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

router ospfv3 1

router-id 4.4.4.4

log-adjacency-changes

!

address-family ipv4

timers spf 1 2

router-id 4.4.4.4

exit-address-family

!

ip forward-protocol nd

ip route 142.x.x.10 255.255.255.255 192.x.x.172

! 192.x.x.172 is WAN gateway

--------------------

hostname Router5

!

policy-map FQ

class class-default

fair-queue

!

interface Tunnel0

ip address 10.1.1.2 255.255.255.0

tunnel source GigabitEthernet0/0

tunnel destination 192.x.x.10

!

interface GigabitEthernet0/0

Description external WAN

ip address 142.x.x.10 255.255.255.0

duplex auto

speed auto

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

service-policy output FQ

!

interface GigabitEthernet0/1

Description internal LAN

ip address 192.168.x.40 255.255.255.0

duplex auto

speed auto

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

router ospfv3 1

router-id 5.5.5.5

log-adjacency-changes

!

address-family ipv4

timers spf 1 2

router-id 5.5.5.5

exit-address-family

!

ip forward-protocol nd

ip route 192.x.x.10 255.255.255.255 142.x.x.172

! 142.x.x.172 is WAN gateway

Marwan ALshawi · ‎09-30-2009

can you please run the bellow comand in each of the ospf interface

and if did nt work can you post

show ip ospf neighbor

and

debug ip ospf adj

good luck

hugh2_nguyen · ‎09-30-2009

Hi,

Here they are:

Router4#sh ospfv3 nei

OSPFv3 Router with ID (4.4.4.4) (Process ID 1)

Neighbor ID Pri State Dead Time Interface ID Interface

5.5.5.5 1 LOADING/ - 00:01:55 10 Tunnel0

Router4#debug ospfv3 adj

OSPFv3 adjacency events debugging is on

-----

Marwan ALshawi · ‎09-30-2009

i think you may have a MTU mismatch problem

can you make sure all the interfaces have the same mtu

or in the interface level of each interface participating in opsf even the tunnel

use the commend

ip ospf mtu-ignore

again can you configure ospf without the v3

interface

ip ospf 1 area 0

ip ospf mtu-igonre

by the way the wan link address like 142.x.x.10

is it reachable wuithout the tunnel ?

and let me know

good luck

pauloroque · ‎09-30-2009

Hi,

I agree that this problem may be related to MTU, but the problem 'ip ospf mtu-ignore' solves is related to MTU mismatch and, in this case, the neighbor state stops at 'exstart'. but here the state reach 'loading'.

So, I suggest you configure 'ip mtu 1400' on each Tunnel interface and check again.

Also, it can be helpful to do some pings with a large packet size (1400 or so) to see if there is no packet loss on tunnels.

For last, enable the following debugs, clear the ospf process and post the output here. That is

# undebug all

# term moni (if you aren't in the console)

# debug ip ospf adj

# debug ip ospf retrans

# clear ip ospf process

Hope that helps.

Paulo Roque

hugh2_nguyen · ‎10-01-2009

Hi,

I tried both "ip ospf mtu-ignore" and "ip mtu 1400" and neither solved the problem. I still could not ping from 192.168.x.x to the other side. Ping tunnel interface to tunnel interface with 1400-byte message worked fine but if ping messages are larger than 1400 then some pings were loss. Here're some debug data:

Router5# debug ospfv3 adj

OSPFv3 adjacency events debugging is on

Router5#

*Oct 1 16:49:04.749: OSPFv3: Tunnel0 Nbr: 4.4.4.4: Retransmitting LS REQ

*Oct 1 16:49:04.749: OSPFv3: put LS request for LSID 0.0.0.0, type 2001, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:04.749: OSPFv3: put LS request for LSID 0.0.0.10, type 8, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:04.749: OSPFv3: put LS request for LSID 0.0.0.0, type 2009, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:04.749: OSPFv3: Send LS REQ to 4.4.4.4 length 36 LSA count 3

*Oct 1 16:49:04.985: OSPFv3: Rcv LS REQ from 4.4.4.4 on Tunnel0 length 52 LSA count 3

*Oct 1 16:49:04.985: OSPFv3: Send UPD to FE80::219:6FF:FE66:6330 on Tunnel0 length 136 LSA count 3

*Oct 1 16:49:09.469: OSPFv3: Tunnel0 Nbr: 4.4.4.4: Retransmitting LS REQ

*Oct 1 16:49:09.469: OSPFv3: put LS request for LSID 0.0.0.0, type 2001, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:09.469: OSPFv3: put LS request for LSID 0.0.0.10, type 8, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:09.469: OSPFv3: put LS request for LSID 0.0.0.0, type 2009, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:09.469: OSPFv3: Send LS REQ to 4.4.4.4 length 36 LSA count 3

*Oct 1 16:49:09.733: OSPFv3: Rcv LS REQ from 4.4.4.4 on Tunnel0 length 52 LSA count 3

*Oct 1 16:49:09.733: OSPFv3: Send UPD to FE80::219:6FF:FE66:6330 on Tunnel0 length 136 LSA count 3

*Oct 1 16:49:14.269: OSPFv3: Tunnel0 Nbr: 4.4.4.4: Retransmitting LS REQ

*Oct 1 16:49:14.269: OSPFv3: put LS request for LSID 0.0.0.0, type 2001, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:14.269: OSPFv3: put LS request for LSID 0.0.0.10, type 8, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:14.269: OSPFv3: put LS request for LSID 0.0.0.0, type 2009, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:14.269: OSPFv3: Send LS REQ to 4.4.4.4 length 36 LSA count 3

*Oct 1 16:49:18.981: OSPFv3: Rcv LS REQ from 4.4.4.4 on Tunnel0 length 52 LSA count 3

*Oct 1 16:49:18.981: OSPFv3: Send UPD to FE80::219:6FF:FE66:6330 on Tunnel0 length 136 LSA count 3

*Oct 1 16:49:19.073: OSPFv3: Tunnel0 Nbr: 4.4.4.4: Retransmitting LS REQ

*Oct 1 16:49:19.073: OSPFv3: put LS request for LSID 0.0.0.0, type 2001, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:19.073: OSPFv3: put LS request for LSID 0.0.0.10, type 8, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:19.073: OSPFv3: put LS request for LSID 0.0.0.0, type 2009, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:19.073: OSPFv3: Send LS REQ to 4.4.4.4 length 36 LSA count 3

*Oct 1 16:49:23.521: OSPFv3: Rcv LS REQ from 4.4.4.4 on Tunnel0 length 52 LSA count 3

*Oct 1 16:49:23.521: OSPFv3: Send UPD to FE80::219:6FF:FE66:6330 on Tunnel0 length 136 LSA count 3

*Oct 1 16:49:23.789: OSPFv3: Tunnel0 Nbr: 4.4.4.4: Retransmitting LS REQ

*Oct 1 16:49:23.789: OSPFv3: put LS request for LSID 0.0.0.0, type 2001, adv. rtr. 4.4.4.4 in LS REQ packet

*Oct 1 16:49:23.789: OSPFv3: put LS request for LSID 0.0.0.10, type 8, adv. rtr. 4.4.4.4 in LS REQ packet

Router5# debug ospfv3 retrans

OSPFv3 retransmission events debugging is on

Router5#sh ospfv3 nei

OSPFv3 Router with ID (5.5.5.5) (Process ID 1)

Neighbor ID Pri State Dead Time Interface ID Interface

4.4.4.4 1 LOADING/ - 00:01:56 10 Tunnel0

*Oct 1 16:53:27.161: %OSPFv3-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from L

OADING to DOWN, Neighbor Down: Too many retransmits

pauloroque · ‎10-01-2009

Hi hugh2_nguyen.

You have a problem with your link or problem with MTU. The simptons show that.

Just to make sure ... have you set the df-bit when pinging the other side? I mean

'ping 1.1.1.1 df-bit repeat 1000 size 1400'.

Also, I insist, try a smaller MTU link on both the tunnel int. Maybe 1000 bytes.

If it still does not work, check for error on interfaces.

A 'show int' on both Gi and Tu interfaces of both routers may help. Or may be a congested link between the both.

hugh2_nguyen · ‎10-01-2009

marwanshawi and Paolo,

I connected two laptops to the two WAN gateways and I could stream video through the WAN although the bandwidth of the WAN is very limited (less than 1Mbps).

I'll try your suggestions later today and let you know the results. I'll try with ospf but eventually I have to run ospfv3 since user applications are IPv6. Thanks.

Hugh

Marwan ALshawi · ‎10-01-2009

if you want to estblish ipv6 routing over ipv4 netwrk

you need:

1- enable ipv6 routing

ipv6 unicast-routing

2- give each tunnel an ipv4 address in the same subnet

3- use tunnel mode as ipv6ip ( less overhead)

underthe tunnel enable osofv3 like

ipv6 ospfv3 area 0