Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > GRE tunnel problem

Reply
Thread Tools

GRE tunnel problem

 
 
ve7eje
Guest
Posts: n/a
 
      05-27-2010
I have a very basic tunnel set up between 2 2800 series routers (IOS
12.4(24)T).

near end router
int tu0
no ip address
keepalive 10 3
tunnel source fa0/1
tunnel destination [far end routers fa0/1 routable IP]

far end router
int tu0
no ip address
keepalive 10 3
tunnel source fa0/1
tunnel destination [near end routers fa0/1 routable IP]

This all works just fine except if the link goes down. If that happens
the tunnel doesn't automatically recover when the link comes back up.
The only way I have found to get the tunnel back is to manually delete
and rebuild the tunnel config in one of the routers.

Am I missing something?

Thanks -Rob-
 
Reply With Quote
 
 
 
 
Rob
Guest
Posts: n/a
 
      05-27-2010
ve7eje <(E-Mail Removed)> wrote:
> I have a very basic tunnel set up between 2 2800 series routers (IOS
> 12.4(24)T).
>
> near end router
> int tu0
> no ip address
> keepalive 10 3
> tunnel source fa0/1
> tunnel destination [far end routers fa0/1 routable IP]
>
> far end router
> int tu0
> no ip address
> keepalive 10 3
> tunnel source fa0/1
> tunnel destination [near end routers fa0/1 routable IP]
>
> This all works just fine except if the link goes down. If that happens
> the tunnel doesn't automatically recover when the link comes back up.
> The only way I have found to get the tunnel back is to manually delete
> and rebuild the tunnel config in one of the routers.


I have used tunnels several times and I have not seen this...
However, those always were tunnels with "tunnel protection ipsec .."
That should not matter, I think.
I don't use the "keepalive 10 3" but I do use eigrp over the tunnel
to build routes. This seems to work fine.

No idea why it does not work for you...
 
Reply With Quote
 
 
 
 
rmundy rmundy is offline
Junior Member
Join Date: May 2010
Posts: 10
 
      05-27-2010
Rob,

When the link goes down is it the Fa0/1 interface itself that drops or another device/link between the two?

I've seen a similar problem in the past but it only related to when the physical interface itself went down. When it came back up the tunnel interface didn't seem to notice.

The workaround I found was to change the tunnel source to the actual interface IP address rather the interface name.
 
Reply With Quote
 
Mark Huizer
Guest
Posts: n/a
 
      05-27-2010
The wise ve7eje enlightened me with:
> I have a very basic tunnel set up between 2 2800 series routers (IOS
> 12.4(24)T).
>
> near end router
> int tu0
> no ip address
> keepalive 10 3
> tunnel source fa0/1
> tunnel destination [far end routers fa0/1 routable IP]
>
> far end router
> int tu0
> no ip address
> keepalive 10 3
> tunnel source fa0/1
> tunnel destination [near end routers fa0/1 routable IP]
>
> This all works just fine except if the link goes down. If that happens
> the tunnel doesn't automatically recover when the link comes back up.
> The only way I have found to get the tunnel back is to manually delete
> and rebuild the tunnel config in one of the routers.
>
> Am I missing something?


What do the interfaces say? Up or Down? How do you do routing? Static or
dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
instead of a delete and reconfigure?

Greetings

Mark
 
Reply With Quote
 
bod43
Guest
Posts: n/a
 
      05-28-2010
On 27 May, 18:05, Mark Huizer <(E-Mail Removed)>
wrote:
> The wise ve7eje enlightened me with:
>
>
>
> > I have a very basic tunnel set up between 2 2800 series routers (IOS
> > 12.4(24)T).

>
> > near end router
> > int tu0
> > * no ip address
> > * keepalive 10 3
> > * tunnel source fa0/1
> > * tunnel destination [far end routers fa0/1 routable IP]

>
> > far end router
> > int tu0
> > * no ip address
> > * keepalive 10 3
> > * tunnel source fa0/1
> > * tunnel destination [near end routers fa0/1 routable IP]

>
> > This all works just fine except if the link goes down. If that happens
> > the tunnel doesn't automatically recover when the link comes back up.
> > The only way I have found to get the tunnel back is to manually delete
> > and rebuild the tunnel config in one of the routers.

>
> > Am I missing something?

>
> What do the interfaces say? Up or Down? How do you do routing? Static or
> dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
> instead of a delete and reconfigure?




I have used tunnels quite a lot, with and without keepalives,
and this should not be happening - obviously

I wonder if there is perhaps some routing problem such that
the routers cannot communicate when the interfaces exist.
Then when you recreate the interface but before some
change occurs in the routing table the tunnel gets established.

Crazy idea, can't see how it could be true, but maybe worth
considering.

I often used static first hops for the gre traffic to ensure that
recursive routing could not occur. First hop was enough for our
topology.

e.g.

far end router
int tu0
no ip address
keepalive 10 3
tunnel source fa0/1
tunnel destination [near end routers fa0/1 routable IP]

ip route near-end-routers-fa0/1-routable-IP next-hop

 
Reply With Quote
 
ve7eje
Guest
Posts: n/a
 
      05-31-2010
On May 27, 10:05*am, Mark Huizer <xaa
(E-Mail Removed)> wrote:
> The wise ve7eje enlightened me with:
>
> What do the interfaces say? Up or Down? How do you do routing? Static or
> dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
> instead of a delete and reconfigure?
>


The tunnel interfaces show admin up but protocol down. I have tried
shut/no shut and that doesn't do anything. Next time this happens, I
will try a few more things. This is a production link so the emphasis
is on restoral, not testing. The routing is dynamic (OSPF).
This only affects the tunnel though which is used to pass DECNET
through a Telco that doesn't support that protocol. Other IP traffic
flowing between the physical interfaces restores just fine.
I will keep bod43's idea in mind for when this happens next time.
I am also building a sandbox that I can use to experiment with.
Assuming I can duplicate the problem that is.

-Rob-
 
Reply With Quote
 
Andy Davidson
Guest
Posts: n/a
 
      06-08-2010
ve7eje <(E-Mail Removed)> wrote:
> The tunnel interfaces show admin up but protocol down. I have tried
> shut/no shut and that doesn't do anything. Next time this happens, I
> will try a few more things.


Sorry to echo the thoughts of others, but I have never seen this either.
How long are you waiting for the tunnel to establish? Can you ping the
endpoint address when the tunnel fails to come back ? Is anything logged
? Can you attach a monitor port to some intermediate switch between the
device to see whether the tunnel is attempting to rebuild ? Same IOS
both sides ? Tunnel in same state when down at both sides ?

Sorry to have no magic bullet.



Andy.
www.netsumo.com // ISP consultancy
 
Reply With Quote
 
davidblack davidblack is offline
Junior Member
Join Date: Aug 2012
Posts: 1
 
      08-31-2012
i have the same problem. a tunnel between two routers with a keepalive 10 3 set on each end. the purpose of the keepalive is to show correct tunnel status if communications go down. otherwise the tunnel shows up/up if the underlying physical interface is up/up. my tunnel goes through a crypto system, so all interfaces from one end to the other always show up/up. i believe that when the crypto gear is reloaded or updated, the tunnel communications are blocked for more than 30 seconds. like the orginator, my tunnel will not recover automatically. however, if i reload the router, the tunnel is operational again. interestingly, only one end of the tunnel goes down because of the keepalive. if no solution can be found, i suppose i will remove the keepalive command.

my routers are both 3825 routers running IOS ADVIPSERVICES 12.4(16B) and 12.4(29)T2

i have a tunnel to another 3825 router that does not experience this issue. it however does not go through any encryption devices.

thanks for anyone who has an answer.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: GRE Tunnel problem with one endpoint in NAT News Reader Cisco 4 05-05-2008 05:52 PM
Problem with GRE tunnel not coming up DC Cisco 6 01-29-2008 12:22 PM
GRE Tunnel up/up Cannot ping tunnel interface tsvanduyn@yahoo.com Cisco 6 03-09-2006 01:33 AM
Split Tunnel Blocks http through tunnel but passes http around tunnel a.nonny mouse Cisco 2 09-19-2004 12:10 AM
Termination of an IPSec VPN tunnel and a GRE Tunnel on one physical interface. John Ireland Cisco 1 11-11-2003 04:47 PM



Advertisments