'show interface tunnel' command question

xzjleo2005
Level 1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Description: tunnel to Lane Cove for Lane Cove Internet traffic

Internet address is 10.211.1.5/31

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive set (10 sec), retries 3

Tunnel source 10.150.32.3, destination 10.150.0.2

Tunnel protocol/transport GRE/IP

Key disabled, sequencing disabled

Checksumming of packets disabled

Tunnel TTL 255

Fast tunneling enabled

Tunnel transmit bandwidth 8000 (kbps)

Tunnel receive bandwidth 8000 (kbps)

Last input 5d01h, output 00:00:02, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1677564 packets input, 243987624 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

99864 packets output, 4793472 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

Our two routers build up a GRE tunnel over the MPLS for Internet traffic. The above is the content of the 'show interface tunnel' command. My questions are:

1/ What are the 'input' and 'output' directions for this tunnel? Does 'input' mean the traffic from local to remote, and 'output' mean the traffic from remote to local?

2/ From the show command, there is a line 'Last input 5d01h, output 00:00:02, output hang never'. What is the meaning of 'output hang never'?

Thanks, Leo

2 Replies

michael.leblanc
Level 4

Question #1 is rather interesting. The answer is less simple than one might assume. Make sure you read the last paragraph.

I previously attempted to apply ACLs inbound and outbound on a tunnel interface to implement security policy. I first constructed ACLs to determine what would be matched in the two directions.

TCP/UDP/ICMP host-to-host traffic destined to the far-side network matched the "outbound" ACL applied on the local tunnel interface.

Host-to-host traffic from the far-side network matched the "inbound" ACL, as did EIGRP traffic from the far-side tunnel interface IP (unicasts and multicasts).

However, the "inbound" ACL also matched GRE packets with a source equal to the "tunnel source" (local ext. interface IP), and a destination equal to the "tunnel destination" (far-side ext. interface IP), which I had not expected.
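
One way to repeat the direction test described in the reply above, as an added example that is not part of the original thread: permit-only ACLs applied in both directions on the tunnel interface, read back through their match counters. The ACL names TUN1-IN-PROBE and TUN1-OUT-PROBE are hypothetical; Tunnel1 is the interface from the question's output.

```cisco
! Added example (not from the original thread). ACL names are hypothetical.
! Every entry is a permit, so these ACLs count traffic without filtering it.
ip access-list extended TUN1-IN-PROBE
 remark GRE seen by the inbound ACL (the match the reply did not expect)
 permit gre any any
 remark routing protocol traffic from the far-side tunnel interface
 permit eigrp any any
 remark host-to-host traffic arriving from the far-side network
 permit tcp any any
 permit udp any any
 permit icmp any any
 remark anything not classified above
 permit ip any any
!
ip access-list extended TUN1-OUT-PROBE
 remark same classes, counted in the outbound direction
 permit gre any any
 permit eigrp any any
 permit tcp any any
 permit udp any any
 permit icmp any any
 permit ip any any
!
interface Tunnel1
 ip access-group TUN1-IN-PROBE in
 ip access-group TUN1-OUT-PROBE out
!
! After generating test traffic in each direction, read the per-entry
! match counters, then clear them before the next test:
!   show ip access-lists TUN1-IN-PROBE
!   show ip access-lists TUN1-OUT-PROBE
!   clear ip access-list counters
```

Comparing the gre counter on the inbound probe with the behaviour reported in the reply is worth doing before replacing the probes with a restrictive inbound policy on the tunnel.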

purohit_810
Level 5

Hi,

Here is the complete interface reading guide.

http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoin.html#wp1022428

Thanks,

Dharmesh Purohti
