GRE Tunnel on HSRP

Answered Question
Aug 11th, 2007

How can I configure a GRE tunnel on Router A so that it will be terminated on Routers B and C, which are running HSRP? This is required so that Router A is always connected to the active HSRP router, A or B, whichever one is the active HSRP router, for failover.

Router B
   |
   |
 HSRP ------------------- Router A
   |
   |
Router C

Correct Answer
sundar.palaniappan Sat, 08/11/2007 - 19:40

I am afraid you won't be able to use the HSRP address as the GRE tunnel source/destination address. The router would have to use one of the addresses configured on an interface as the GRE source but HSRP is just a virtual address and therefore it isn't a viable option. You may have to look for other ways to provide a primary/failover solution.

HTH

Sundar

sanyaolu Sun, 08/12/2007 - 03:18

That was what I thought: that I could use the HSRP VIP of Routers B and C as the tunnel destination on Router A.

So what will be the best solution to use a GRE tunnel and yet have the capacity to fail over between Routers B and C if one of the routers fails?

Adeolu

Paolo Bevilacqua Sun, 08/12/2007 - 03:58

Either you set two point-to-point tunnels, or a single multipoint tunnel with NHRP.

In either case you should use a routing protocol to ensure reachability of all destinations.

Hope this helps, please rate post if it does!

osiristrading123 Sun, 08/12/2007 - 04:10

You could run two tunnels, and route the destination down both with different metrics. Then use tunnel keepalives to determine whether the tunnel is up or down. If the tunnel fails, the alternate route will be taken.

sanyaolu Sun, 08/12/2007 - 04:17

The purpose of using the GRE tunnel is to allow non-routable RFC 1918 IP addresses to flow through the tunnel from one destination to the other over the internet, yet have failover between two routers running HSRP.

Richard Burts Sun, 08/12/2007 - 04:55

Adeolu

I have implemented something very close to what you describe to route RFC 1918 addresses over GRE tunnels with redundancy. What I did was to configure 2 point to point GRE tunnels from a remote router to 2 head end routers. I ran a dynamic routing protocol over both tunnels and weighted the metrics so that normally traffic used the tunnel to the HSRP router with the highest HSRP priority. If that router became unavailable then the routing protocol converged and traffic flowed over the second tunnel. I would think that something like this would work for you.

I believe that there are several issues in attempting to create a GRE tunnel to the HSRP address. One of the issues is that you might have traffic that was flowing to one destination through one router suddenly flowing through a different router. This would be disruptive to anything that attempts to maintain state information about transit traffic. Another issue is that while you might be able to configure the destination address as the HSRP shared address, how would you configure the source address?

You are really better off using 2 GRE tunnels, one to each remote.

HTH

Rick

sundar.palaniappan Sun, 08/12/2007 - 05:16

Build two GRE tunnels on both routers, B and C, using the physical LAN interface as the source address to form a tunnel with Router A. As someone earlier suggested, enable GRE keepalives on the tunnel int, configure a static route to the remote LAN to point the next_hop via the tunnel for the primary link, and a floating static route (route w/ higher admin distance) for the backup link.

Alternatively you can configure a routing protocol like EIGRP over the tunnel instead of using the static route(s).

Rick,

Sorry I just saw that you had responded to the post as well. I typed most of the response 20 mins ago and had to walk away to take care of something and came back and posted my response hence the overlap.

HTH

Sundar

Richard Burts Sun, 08/12/2007 - 15:02

Sundar

It is not a problem. This kind of overlap happens frequently (I most often notice it when I have been typing a response which may take me a while to complete and when I post it I find that it overlaps with a response from someone else).

I take it as a compliment that you and I are suggesting the same kind of solution to this question.

HTH

Rick

I guess the solution suggested by Sundar and Rick should be fine. But just to see if any other alternative is possible, can you tell us how exactly Routers A, B and C are connected (physically)? I guess Routers B and C are on the same segment, but how is Router A connected? Is it on the same LAN or connected in some other way?

sanyaolu Mon, 08/13/2007 - 02:36

Yes, the solution suggested should be fine. Routers B and C are on the same segment in New York while Router A is in Atlanta.

I am thinking of using static or i-BGP routing protocol. Just wondering, if I use i-BGP, will I do peering based on the remote physical IP address or the tunnel IP address? I just want to be sure that the peering is done such that BGP reconverges if the tunnel fails.

Adeolu

Richard Burts Mon, 08/13/2007 - 03:29

Adeolu

In my experience of implementations like this we have found it better to use an Interior Routing protocol like EIGRP or OSPF (or even RIP). But perhaps there are aspects of your environment that we do not know that make IBGP a better choice. If you are going to use IBGP I would do the peering with the tunnel addresses. My concern would be that the tunnel to router B might fail but the physical address might still be reachable via router C.

We might also consider the alternative of static routes. Especially if you configure GRE tunnel keepalive (which I would also suggest if you do IBGP to help convergence) if there were a failure in the tunnel the tunnel interface would go protocol down and any static route using the tunnel would be withdrawn. So static routes might be the most simple and lowest overhead solution.

HTH

Rick

sanyaolu Mon, 08/13/2007 - 09:37

Guys,

You all have been very helpful and it was a very nice conversation. I will enable GRE keepalives on the tunnel int, configure a static route to the remote LAN to point the next_hop via the tunnel for the primary link, and a floating static route (route w/ higher admin distance) for the backup link.

Thanks ALL !!!
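
The design the thread settles on, sketched for Router A as an added example; it was not posted by any participant. All addresses, interface numbers and keepalive timers are constructed for illustration, and the tunnels terminate on the physical addresses of Routers B and C, not on the HSRP virtual address.

```cisco
! Router A (Atlanta). Every address below is a constructed placeholder.
!   192.0.2.1      Router A WAN interface address (tunnel source)
!   198.51.100.2   Router B physical interface address (not the HSRP VIP)
!   198.51.100.3   Router C physical interface address (not the HSRP VIP)
!   10.20.0.0/16   RFC 1918 LAN behind Routers B and C
!
interface Tunnel0
 description Primary GRE tunnel to Router B
 ip address 172.16.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
 ! Send a keepalive every 10 s; after 3 misses the line protocol goes down
 keepalive 10 3
!
interface Tunnel1
 description Backup GRE tunnel to Router C
 ip address 172.16.0.5 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.3
 keepalive 10 3
!
! Primary static route via Tunnel0 (default administrative distance 1).
! It is withdrawn when keepalives bring Tunnel0 protocol down.
ip route 10.20.0.0 255.255.0.0 Tunnel0
!
! Floating static route via Tunnel1: administrative distance 250 keeps it
! out of the routing table until the primary route disappears.
ip route 10.20.0.0 255.255.0.0 Tunnel1 250
```

Routers B and C each need the mirror-image tunnel, sourced from their own physical interface, and a route back to Router A's LAN. GRE by itself does not encrypt or authenticate the RFC 1918 traffic it carries across the internet, so confidentiality has to come from a separate layer such as IPsec.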
