I have an annoying problem with a gre tunnel using keepalives and the tunnel interface on the PE residing in a vrf.
The background for my setup is an ethernet WAN link to our customer where the interface doesn't go down when the link fails.
Therefore I want to use an gre tunnel with keepalive in order to use static routes.
The tunnel setup is as follows:
1. PE, 6509, Sup720, IOS 12.2(18)SXF7
ip address xx.yy.zz.241 255.255.255.252
no mop enabled
ip vrf forwarding CUSTOMER
ip address 10.0.0.101 255.255.255.252
keepalive 5 3
tunnel source xx.yy.zz.241
tunnel destination xx.yy.zz.242
2. CE, 1803, IOS 12.4(15)T8
ip address xx.yy.zz.242 255.255.255.252
ip address 10.0.0.102 255.255.255.252
keepalive 5 3
tunnel source xx.yy.zz.242
tunnel destination xx.yy.zz.241
The problem is PE sends and receives keepalives and brings up the tunnel. CE on the other hand sends but doesn't receive keepalives.
As far as I have learned from former discussions the problem comes from tunnel and physical interface belonging to different routing instances. If I put the tunnel interface on PE into the global routing instance all the keepalives reach their destinations as expected.
I read about a solution involving "tunnel vrf" on th etunnel configuration. This command is not present in my IOS version but AFAIK it is only necessary for having the underlying physical interface in a vrf as well.
Furthermore I read about "mls mpls tunnel-recir" but I am not sure whether this might solve the issue here. And equally important: Can I safely turn on this feature on a running system with quite a lot of vrf customers without any trouble?
Any hint and/or advise is greatly appreciated here.
Thanks a lot in advance,