07-01-2008 03:30 PM
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Description: tunnel to Lane Cove for Lane Cove Internet traffic
Internet address is 10.211.1.5/31
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec), retries 3
Tunnel source 10.150.32.3, destination 10.150.0.2
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 5d01h, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1677564 packets input, 243987624 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
99864 packets output, 4793472 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Our two routers build up a GRE tunnel over the MPLS for Internet traffic. The above is the content of the 'show interface tunnel' command; my questions are:
1/ What are the 'input' and 'output' directions for this tunnel? Does 'input' mean the traffic from local to remote, and 'output' mean the traffic from remote to local?
2/ In the show command output there is a line 'Last input 5d01h, output 00:00:02, output hang never'. What is the meaning of 'output hang never'?
Thanks, Leo
07-01-2008 05:14 PM
Question #1 is rather interesting. The answer is less simple than one might assume. Make sure you read the last paragraph.
I previously attempted to apply ACLs inbound and outbound on a tunnel interface to implement security policy. I first constructed ACLs to determine what would be matched in the two directions.
TCP/UDP/ICMP host-to-host traffic destined to the far-side network matched the "outbound" ACL applied on the local tunnel interface.
Host-to-host traffic from the far-side network matched the "inbound" ACL, as did EIGRP traffic from the far-side tunnel interface IP (unicasts and multicasts).
However, the "inbound" ACL also matched GRE packets with a source equal to the "tunnel source" (local ext. interface IP), and a destination equal to the "tunnel destination" (far-side ext. interface IP), which I had not expected.
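An added example, not part of the reply above: an inbound/outbound ACL pair on the tunnel interface that accounts for each traffic class the reply lists, with `log` so the match direction can be checked. It assumes the unexpected GRE matches are GRE keepalives sent by the far-side router, which arrive here as GRE packets sourced from the local tunnel source and addressed to the tunnel destination. The ACL names and LAN prefixes (198.51.100.0/24 local, 192.0.2.0/24 far side) are constructed; the tunnel addresses come from the first post's output, with 10.211.1.4 taken as the other end of the /31.

```cisco
! Constructed example. TUN1-IN / TUN1-OUT are hypothetical names.
ip access-list extended TUN1-IN
 remark Keepalives sent by the far side (assumption): after decapsulation
 remark they appear as GRE from OUR tunnel source to OUR tunnel destination
 permit gre host 10.150.32.3 host 10.150.0.2 log
 remark EIGRP unicast and multicast from the far-side tunnel interface IP
 permit eigrp host 10.211.1.4 any log
 remark Host-to-host traffic from the far-side network (constructed prefixes)
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 log
 remark Anything else arriving through the tunnel is dropped and logged
 deny ip any any log
!
ip access-list extended TUN1-OUT
 remark Host-to-host traffic destined to the far-side network
 permit ip 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255 log
 deny ip any any log
!
interface Tunnel1
 ip access-group TUN1-IN in
 ip access-group TUN1-OUT out
!
! Per-entry match counters show which direction each class hits:
!   show ip access-lists TUN1-IN
!   show ip access-lists TUN1-OUT
```

If the `permit gre` entry is left out of the inbound list, the far side's keepalives are dropped here and its end of the tunnel can go line-protocol down even though data traffic was permitted.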
07-02-2008 05:54 AM
Hi,
Here is the complete interface reading guide.
http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoin.html#wp1022428
Thanks,
Dharmesh Purohti