03-16-2023 04:49 AM
Hello there,
I am seeing odd behavior in the dmvpn tunnels. I have a HUB and Spoke topology running EIGRP protocol. The network was stable for a long time but recently I started seeing that spoke side tunnels go down on their own and to bring it up, I have to bounce the tunnel. There is no other way it comes back. The error I see is as follows -
Mar 14 22:28:17.032: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:14:50.578: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:32:01.494: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:42:50.620: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:49:21.035: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:53:39.951: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Mar 15 07:59:55.942: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.100 (Tunnel100) is down: holding time expired
Some of the routers have dual tunnels ( meaning primary and secondary tunnels on the same router but in two separate vrf) and some of the sites have two separate routers. Wherever I have two separate routers, the secondary does not have an issue. but the primary goes down.
03-16-2023 04:56 AM - edited 03-16-2023 05:22 AM
two point must check here
1- Tunnel key must be different
2- Tunnel must config with ipsec profile shared keyword if both share same source interface
03-16-2023 06:59 AM
Please note that tunnel is up and running at the moment. It happens every now and then. If the tunnel has an incorrect key and profile. How it will be up when I do a shut no shut? If the policy is not configured correctly, it will bot even bring up the MM1 itself.
Thanks for your response.
03-16-2023 09:17 AM
Hi,
so return to this issue
the EIGRP use two packet
one is multicast <hello>
other is unicast
you mention that the spoke have two VRF, are this VRF is front-VRF
can you share the config of tunnel and config of tunnel source ??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide