GRE tunnel problem

Discussion in 'Cisco' started by ve7eje, May 27, 2010.

  1. ve7eje

    ve7eje Guest

    I have a very basic tunnel set up between 2 2800 series routers (IOS
    12.4(24)T).

    near end router
    int tu0
    no ip address
    keepalive 10 3
    tunnel source fa0/1
    tunnel destination [far end routers fa0/1 routable IP]

    far end router
    int tu0
    no ip address
    keepalive 10 3
    tunnel source fa0/1
    tunnel destination [near end routers fa0/1 routable IP]

    This all works just fine except if the link goes down. If that happens
    the tunnel doesn't automatically recover when the link comes back up.
    The only way I have found to get the tunnel back is to manually delete
    and rebuild the tunnel config in one of the routers.

    Am I missing something?

    Thanks -Rob-
     
    ve7eje, May 27, 2010
    #1
    1. Advertising

  2. ve7eje

    Rob Guest

    ve7eje <> wrote:
    > I have a very basic tunnel set up between 2 2800 series routers (IOS
    > 12.4(24)T).
    >
    > near end router
    > int tu0
    > no ip address
    > keepalive 10 3
    > tunnel source fa0/1
    > tunnel destination [far end routers fa0/1 routable IP]
    >
    > far end router
    > int tu0
    > no ip address
    > keepalive 10 3
    > tunnel source fa0/1
    > tunnel destination [near end routers fa0/1 routable IP]
    >
    > This all works just fine except if the link goes down. If that happens
    > the tunnel doesn't automatically recover when the link comes back up.
    > The only way I have found to get the tunnel back is to manually delete
    > and rebuild the tunnel config in one of the routers.


    I have used tunnels several times and I have not seen this...
    However, those always were tunnels with "tunnel protection ipsec .."
    That should not matter, I think.
    I don't use the "keepalive 10 3" but I do use eigrp over the tunnel
    to build routes. This seems to work fine.

    No idea why it does not work for you...
     
    Rob, May 27, 2010
    #2
    1. Advertising

  3. ve7eje

    rmundy

    Joined:
    May 27, 2010
    Messages:
    10
    Rob,

    When the link goes down is it the Fa0/1 interface itself that drops or another device/link between the two?

    I've seen a similar problem in the past but it only related to when the physical interface itself went down. When it came back up the tunnel interface didn't seem to notice.

    The workaround I found was to change the tunnel source to the actual interface IP address rather the interface name.
     
    rmundy, May 27, 2010
    #3
  4. ve7eje

    Mark Huizer Guest

    The wise ve7eje enlightened me with:
    > I have a very basic tunnel set up between 2 2800 series routers (IOS
    > 12.4(24)T).
    >
    > near end router
    > int tu0
    > no ip address
    > keepalive 10 3
    > tunnel source fa0/1
    > tunnel destination [far end routers fa0/1 routable IP]
    >
    > far end router
    > int tu0
    > no ip address
    > keepalive 10 3
    > tunnel source fa0/1
    > tunnel destination [near end routers fa0/1 routable IP]
    >
    > This all works just fine except if the link goes down. If that happens
    > the tunnel doesn't automatically recover when the link comes back up.
    > The only way I have found to get the tunnel back is to manually delete
    > and rebuild the tunnel config in one of the routers.
    >
    > Am I missing something?


    What do the interfaces say? Up or Down? How do you do routing? Static or
    dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
    instead of a delete and reconfigure?

    Greetings

    Mark
     
    Mark Huizer, May 27, 2010
    #4
  5. ve7eje

    bod43 Guest

    On 27 May, 18:05, Mark Huizer <>
    wrote:
    > The wise ve7eje enlightened me with:
    >
    >
    >
    > > I have a very basic tunnel set up between 2 2800 series routers (IOS
    > > 12.4(24)T).

    >
    > > near end router
    > > int tu0
    > >   no ip address
    > >   keepalive 10 3
    > >   tunnel source fa0/1
    > >   tunnel destination [far end routers fa0/1 routable IP]

    >
    > > far end router
    > > int tu0
    > >   no ip address
    > >   keepalive 10 3
    > >   tunnel source fa0/1
    > >   tunnel destination [near end routers fa0/1 routable IP]

    >
    > > This all works just fine except if the link goes down. If that happens
    > > the tunnel doesn't automatically recover when the link comes back up.
    > > The only way I have found to get the tunnel back is to manually delete
    > > and rebuild the tunnel config in one of the routers.

    >
    > > Am I missing something?

    >
    > What do the interfaces say? Up or Down? How do you do routing? Static or
    > dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
    > instead of a delete and reconfigure?




    I have used tunnels quite a lot, with and without keepalives,
    and this should not be happening - obviously:)

    I wonder if there is perhaps some routing problem such that
    the routers cannot communicate when the interfaces exist.
    Then when you recreate the interface but before some
    change occurs in the routing table the tunnel gets established.

    Crazy idea, can't see how it could be true, but maybe worth
    considering.

    I often used static first hops for the gre traffic to ensure that
    recursive routing could not occur. First hop was enough for our
    topology.

    e.g.

    far end router
    int tu0
    no ip address
    keepalive 10 3
    tunnel source fa0/1
    tunnel destination [near end routers fa0/1 routable IP]

    ip route near-end-routers-fa0/1-routable-IP next-hop
     
    bod43, May 28, 2010
    #5
  6. ve7eje

    ve7eje Guest

    On May 27, 10:05 am, Mark Huizer <xaa
    > wrote:
    > The wise ve7eje enlightened me with:
    >
    > What do the interfaces say? Up or Down? How do you do routing? Static or
    > dynamic? Does it help to use 'shut' and 'no shut' on the tunnels,
    > instead of a delete and reconfigure?
    >


    The tunnel interfaces show admin up but protocol down. I have tried
    shut/no shut and that doesn't do anything. Next time this happens, I
    will try a few more things. This is a production link so the emphasis
    is on restoral, not testing. The routing is dynamic (OSPF).
    This only affects the tunnel though which is used to pass DECNET
    through a Telco that doesn't support that protocol. Other IP traffic
    flowing between the physical interfaces restores just fine.
    I will keep bod43's idea in mind for when this happens next time.
    I am also building a sandbox that I can use to experiment with.
    Assuming I can duplicate the problem that is.

    -Rob-
     
    ve7eje, May 31, 2010
    #6
  7. ve7eje <> wrote:
    > The tunnel interfaces show admin up but protocol down. I have tried
    > shut/no shut and that doesn't do anything. Next time this happens, I
    > will try a few more things.


    Sorry to echo the thoughts of others, but I have never seen this either.
    How long are you waiting for the tunnel to establish? Can you ping the
    endpoint address when the tunnel fails to come back ? Is anything logged
    ? Can you attach a monitor port to some intermediate switch between the
    device to see whether the tunnel is attempting to rebuild ? Same IOS
    both sides ? Tunnel in same state when down at both sides ?

    Sorry to have no magic bullet.



    Andy.
    www.netsumo.com // ISP consultancy
     
    Andy Davidson, Jun 8, 2010
    #7
  8. ve7eje

    davidblack

    Joined:
    Aug 31, 2012
    Messages:
    1
    i have the same problem. a tunnel between two routers with a keepalive 10 3 set on each end. the purpose of the keepalive is to show correct tunnel status if communications go down. otherwise the tunnel shows up/up if the underlying physical interface is up/up. my tunnel goes through a crypto system, so all interfaces from one end to the other always show up/up. i believe that when the crypto gear is reloaded or updated, the tunnel communications are blocked for more than 30 seconds. like the orginator, my tunnel will not recover automatically. however, if i reload the router, the tunnel is operational again. interestingly, only one end of the tunnel goes down because of the keepalive. if no solution can be found, i suppose i will remove the keepalive command.

    my routers are both 3825 routers running IOS ADVIPSERVICES 12.4(16B) and 12.4(29)T2

    i have a tunnel to another 3825 router that does not experience this issue. it however does not go through any encryption devices.

    thanks for anyone who has an answer.
     
    davidblack, Aug 31, 2012
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,102
    Claude LeFort
    Nov 11, 2003
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,147
  3. Replies:
    6
    Views:
    29,764
  4. DC
    Replies:
    6
    Views:
    13,165
  5. News Reader
    Replies:
    4
    Views:
    1,024
    News Reader
    May 5, 2008
Loading...

Share This Page