03-03-2011 01:10 AM
We have two sites connection via an IPSEC tunnel and periodically we see the EIGRP adjacency between the two sites will go down:
Mar 2 03:58:52.495: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1.1 (Tunnel1) is down: holding time expired
.Mar 2 04:15:12.703: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1..1 (Tunnel1) is up: new adjacency
The tunnel does not appear to go down though. At one end we see this:
Feb 27 02:53:44.144: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1.2 (Tunnel0) is down: Interface Goodbye received
Feb 27 02:53:48.880: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1.2 (Tunnel0) is up: new adjacency
Feb 27 02:55:08.391: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1.2 (Tunnel0) is down: retry limit exceeded
Feb 27 02:56:17.582: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.1.1.2 (Tunnel0) is up: new adjacency
03-03-2011 02:40 AM
I had a similar situation where two EIGRP routers were connected over a microwave link that was unreliable. To prove this I needed to gather some stats. You could try a couple of things:
- Setup an IP SLA monitor to measure packet loss to the remote end.
- Enable route profiling to gather stats on the stability of the routing table, http://www.cisco.com/en/US/docs/ios/iproute_pi/command/reference/iri_pi1.html#wp1012879
- Setup SNMP monitoring to measure bandwidth and packet loss.
Cheers
Sean
03-03-2011 05:38 AM
Rememeber EIGRP hellos are not acknowledged. You are also running over a GRE tunnel.
I would
1) Enable GRE tunnel keepalives - hello 1 dead 3
2) Check your WAN circuit - you could have an issue with 1 way transmission - if connected to a switch and layer 2 circuit use UDLD agressive.
3) Change your EIGRP hello hold timers 1 hello 3 hold.
HTH>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide