GRE Tunnel and Routing

Steven Williams
Level 4

Should I be adding a static route in the local router for the remote LAN to be reached via the opposite tunnel address or let BGP take care of that?

Example:

R1#
!
interface Tunnel0
 description GRE tunnel
 bandwidth 1536
 keepalive 10 3
 ip address 192.168.69.29 255.255.255.252
 tunnel source 10.170.199.6
 tunnel destination 10.70.100.32
!
ip route 10.70.100.0 255.255.254.0 192.168.69.30
!

R2#
!
interface Tunnel0
 description GRE tunnel
 bandwidth 1536
 keepalive 10 3
 ip address 192.168.69.30 255.255.255.252
 tunnel source 10.70.100.32
 tunnel destination 10.170.199.6
!
ip route 10.170.199.0 255.255.255.0 192.168.69.29
!

4 Replies

Richard Burts
Hall of Fame

My first reaction was to say that there is not enough information here for us to give you good advice. For example you mention the possibility of BGP advertising it. But you give us zero information about BGP.

Then I read a bit more closely and realize that we can give you some advice - the static route that you suggest is a big mistake. Taking R1 as an example - 10.70.100.0 may be the LAN on the other side, but it also contains the tunnel destination. And your static route to that subnet uses the tunnel peer address as the next hop. You absolutely do not want to have a route to the tunnel destination using the tunnel peer as the next hop. If you do configure this the tunnel will not come up and there will be error messages about recursive routing. The tunnel destination needs to be reachable via something other than the tunnel.

Same issue on the R2 side.

So change the static routes. And if you give us more information about the environment perhaps we can give you some helpful advice.

HTH

Rick

Ok, so all these routers belong to an MPLS cloud. There are, let's say, 20 sites total that were Company A; now 10 sites were purchased by Company B. Company A and Company B have overlapping subnets, which causes an issue when Company B needs to access services for Company B. So what we decided to do was create static GRE tunnels between the 10 sites and the main datacenter that has a point-to-point ASA VPN at it. So we are tunneling the required routes to the datacenter, then over the point-to-point. All sites are participating in PE and CE BGP peering and advertising their local routes. At each of the 10 sites, not including the datacenter, I have put in static routes to all Company B subnets in each router with a gateway of the datacenter router tunnel interface.

Then on datacenter router I have a static route to each of the 10 sites with the opposite tunnel IP. Does this make sense?

I have got to admit that right now it does not make much sense.

Will BGP be running over these tunnels?

Being confused about the topology and the requirements, I will offer this suggestion. The first thing that I would suggest would be that the tunnel destination probably should not be in the LAN of the remote site. Sometimes the tunnel destination might be a loopback at the remote site, or it might be the address of the WAN interface at the remote site. In either case you can have a route to the remote LAN go over the tunnel without causing the recursive issue.

HTH

Rick
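The recursion Rick warns about in his first reply, and the loopback/WAN-address fix he suggests in the second, can be checked mechanically: resolve each tunnel destination through the routing table the way the router does, and flag any tunnel whose destination ends up leaving via the tunnel itself. The script below is an added example for this thread, not code from the posts or from Cisco. It models R1 from the question; the WAN interface GigabitEthernet0/0, the PE next hop 10.170.199.1, the remote loopback 10.70.200.1 and the BGP-learned routes are constructed assumptions that the posts do not show.

```python
"""Recursive-routing check for IOS-style GRE tunnel configs (added example).

Models R1 from the thread. The WAN interface, PE next hop 10.170.199.1,
remote loopback 10.70.200.1 and the BGP-learned routes are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    ad: int                                          # administrative distance
    next_hop: Optional[ipaddress.IPv4Address] = None
    interface: Optional[str] = None                  # set only on connected routes


def parse_config(text):
    """Return ({tunnel name: tunnel destination}, [routes]).

    Each 'ip address' yields a connected route (AD 0) out of its interface and
    each 'ip route' a static route (AD 1) via a next-hop address; other lines
    (description, bandwidth, keepalive, tunnel source) are ignored.
    """
    tunnels, routes, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m_if = re.match(r"interface (\S+)$", line)
        m_ip = re.match(r"ip address (\S+) (\S+)$", line)
        m_td = re.match(r"tunnel destination (\S+)$", line)
        m_rt = re.match(r"ip route (\S+) (\S+) (\S+)$", line)
        if m_if:
            cur = m_if.group(1)
        elif line == "!":
            cur = None
        elif m_ip and cur:
            net = ipaddress.IPv4Interface(f"{m_ip.group(1)}/{m_ip.group(2)}").network
            routes.append(Route(net, 0, interface=cur))
        elif m_td and cur:
            tunnels[cur] = ipaddress.IPv4Address(m_td.group(1))
        elif m_rt:
            net = ipaddress.IPv4Network(f"{m_rt.group(1)}/{m_rt.group(2)}")
            routes.append(Route(net, 1, next_hop=ipaddress.IPv4Address(m_rt.group(3))))
    return tunnels, routes


def lookup(routes, dst):
    """Longest-prefix match; on equal length the lowest administrative distance wins."""
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.ad)) if matches else None


def egress_interface(routes, dst, max_depth=8):
    """Follow next hops until a connected route names the outgoing interface."""
    for _ in range(max_depth):
        route = lookup(routes, dst)
        if route is None:
            return None
        if route.interface:
            return route.interface
        dst = route.next_hop
    return None


def recursive_tunnels(config_text, learned_routes=()):
    """Names of tunnels whose destination resolves out of the tunnel itself."""
    tunnels, routes = parse_config(config_text)
    routes = routes + list(learned_routes)
    return sorted(name for name, dest in tunnels.items()
                  if egress_interface(routes, dest) == name)


# R1 as posted, plus an assumed WAN interface toward the MPLS PE.
R1_AS_POSTED = """
interface GigabitEthernet0/0
 ip address 10.170.199.6 255.255.255.0
!
interface Tunnel0
 ip address 192.168.69.29 255.255.255.252
 tunnel source 10.170.199.6
 tunnel destination 10.70.100.32
!
ip route 10.70.100.0 255.255.254.0 192.168.69.30
"""
# Constructed: what R1 learns from its PE over eBGP (AD 20). The static /23
# via the tunnel peer wins on AD, so 10.70.100.32 itself resolves into Tunnel0.
PE = ipaddress.IPv4Address("10.170.199.1")
LEARNED_AS_POSTED = [Route(ipaddress.IPv4Network("10.70.100.0/23"), 20, next_hop=PE)]

# Rick's fix: terminate the tunnel on an address outside the remote LAN (an
# assumed loopback on R2, learned via the PE), so the LAN static over the
# tunnel no longer covers the tunnel destination.
R1_FIXED = R1_AS_POSTED.replace("tunnel destination 10.70.100.32",
                                "tunnel destination 10.70.200.1")
LEARNED_FIXED = LEARNED_AS_POSTED + [
    Route(ipaddress.IPv4Network("10.70.200.1/32"), 20, next_hop=PE)]

if __name__ == "__main__":
    print("as posted:", recursive_tunnels(R1_AS_POSTED, LEARNED_AS_POSTED))  # ['Tunnel0']
    print("fixed:    ", recursive_tunnels(R1_FIXED, LEARNED_FIXED))          # []
```

The same check applies unchanged to R2, whose static for 10.170.199.0/24 via 192.168.69.29 covers its tunnel destination 10.170.199.6 in exactly the same way. Note that the check deliberately ranks routes by prefix length first and administrative distance second, because that is why a static route with a default AD of 1 beats the PE-learned eBGP route (AD 20) to the same /23 and drags the tunnel destination into the tunnel.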

What doesn't make sense?

Let's say Company A Site 1 has a subnet of 10.32.0.0/16.

Company B has the same subnet over the point-to-point VPN tunnel back at the datacenter.

NAT is not an option because of DNS.

So Company B Site 1, on the same MPLS as Company A Site 1, needs to get to a webpage at 10.32.1.11, but Company B Site 1 will go to Company A Site 1 for this, as it's advertising 10.32.0.0/16.

Now at the datacenter router I have a static that says to get to 10.32.1.0/24 the next hop is the internal ASA of the datacenter. Now how do I get all my 10 sites belonging to Company B to go across the tunnel? Well, I can redistribute my statics into BGP, but then any other Company A site needing to get to 10.32.0.0/16 will route to me... can't have that.

Being that ALL sites for both Company A and Company B are in the same MPLS VPN/VRF, it becomes an issue.

Check out my post over here.

https://supportforums.cisco.com/message/4149871#4149871