Hello All ,
We are using multiple SVTI tunnels over EIGRP , we are facing issue for tunnels flapping . The log and configuration is mentioned below ;-
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor srcaddr=Y.Y.y.y (Tunnel201) is up: new adjacency
LINEPROV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=X:X:X:X, prot=50, spi=0xBF6B4869(3211479145), srcaddr=Y.Y.y.y input interface=Tunnel5555
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=X:X:X:X, prot=50, spi=0xBF6B4869(3211479145), srcaddr=srcaddr=Y.Y.y.y , input interface=Tunnel5555
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel5555, changed state to upTO-5-UPDOWN: Line protocol on Interface Tunnel5555, changed state to down
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor srcaddr=Y.Y.y.y (Tunnel5555) is down: interface down
%CRYPTO-4-RECVD_PKT_IN
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.220.33 (Tunnel5555) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is down: Interface PEER-TERMINATION received
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is up: new adjacency
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=srcaddr=Y.Y.y.y , prot=50, spi=0xB76360E1(3076743393), srcaddr=srcaddr=Y.Y.y.y , input interface=tun111
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel5555, changed state to down
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.220.33 (Tunnel5555) is down: interface down
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=X:X:X:X, prot=50, spi=0x9240D2FE(2453721854), srcaddr=srcaddr=Y.Y.y.y , input interface=Tunnel5555
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=X:X:X:X, prot=50, spi=0x9240D2FE(2453721854), srcaddr=2srcaddr=Y.Y.y.y , input interface=Tunnel5555
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel5555, changed state to up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.220.33 (Tunnel5555) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is down: holding time expired
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.220.33 (Tunnel5555) is down: Interface PEER-TERMINATION received
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.220.33 (Tunnel5555) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is down: holding time expired
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is up: new adjacency
%LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to down
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is down: interface down
CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface tun111, changed state to up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.111.170 (tun111) is up: new adjacency
%IOSXE-3-PLATFORM:cpp_cp: QFP:0.0 Thread:001 TS:00003152843628822411 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 166, src_addrsrcaddr=Y.Y.y.y , dest_addr X:X:X:X, SPI 0xae75706a
%DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor 192.168.223.50 (Tunnel201) is down: holding time expired
nterface Tunnel11
bandwidth 2000
ip address 192.168.223.190 255.255.255.252
no ip redirects
no ip proxy-arp
ip accounting output-packets
ip mtu 1350
ip tcp adjust-mss 1300
load-interval 30
keepalive 10 3
tunnel source xxxx
tunnel mode ipsec ipv4
tunnel destination yyyyy
tunnel protection ipsec profile prof-svti-prov-sec
