cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2118
Views
0
Helpful
4
Replies

Traffic not going through GRE Tunnel without manually shut and no shut

rahul-verma
Level 1
Level 1

Hi Guys,

i Have one 2851 router at one of our Customer HO which is connected to remote locations through Lease line via GRE Tunnel. HO has two connectivities. Primary through Lease Line and Secondary through Metro Ethernet. We have configured two GRE Tunnel taking source as both different Media i.e for primary tunnel source - one /30 block routed only towards Lease line by ISP and for secondary tunnel different /30 block routed towards backup Metro ethernet link.

Problem we are facing is , as we make Lease line down , All primary tunnels goes down ,traffic shift to backup tunnels and locations starts working and later if primary link cames up then primary tunnel cames up we are able to ping tunnel source and destination both from HO router and location router but we are not able to ping Tunnel ip address at other end

HO end

int tun 0

ip add 1.1.1.1 255.255.255.252

tunnel source x.x.x.x

tunnel destination y.y.y.y

remote end

int tun 0

ip add 1.1.1.2 255.255.255.252

tunnel source y.y.y.y

tunnel destination x.x.x.x

we are able to ping x.x.x.x taking source y.y.y.y but not able to ping 1.1.1.2 from HO router and not able to ping 1.1.1.1 from remote loc. router.

Customer Router is Cisco 2851.

Tunnels are configured with Keepalives to make auto failover from primary tunnels to secondary tunnels

Please suggest is this a problem with router IOS or what.

Thanks,

Rahul Verma

4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Rahul,

you should provide some more information on how you use the GRE tunnels:

Have you got a routing protocol running over them ?

The only problem after restore is limited to tunnel ip addresses and user traffic flows correctly on primary link or you face an out of service for user traffic too ?

Depending on the way you use the tunnels if different routing protocols are involved for example BGP and one IGP there can be a problem during the restore phase that you are fixing with the shut/no shut cycle

you need to verify in the routing table how you reach GRE endpoints during:

normal condition

during failure

after restore but before sh/no sh cycle

if you like you can post a filtered version of interesting parts of your configuration and the show commands described above

Edit:

I see you mention you are using GRE keepalives as a way to track GRE states so I suppose you are using floating static routes.

Hope to help

Giuseppe

Hi,

This Connectivity is like

HO has two links

1. Primary 2Mbps LL Link through PoP A. All Primary tunnels - Tunnel Destination IP Address is routed towards this link.

2. Secondary Metro Ethernet Backup link to PoP B. All Secondary Tunnel's -- Tunnel destination IP Address is routed towards this Sec. Backup link.

During normal functioning , Both Primary & Secondary tunnels remain up.

Static Routing is configured only on customer

ip route x.x.x.x Location -- Primary Tunnel

ip route x.x.x.x Location - Sec Tunnel 100

When primary link goes down, all primary tunnels to locations goes down as keepalives is configured ,which this router stops receiving.

However, Some backup secondary tunnels shows down during this time. Tunnel ip address at other end is not pingable.No traffic going through Tunnel. However, Tunnel destionation is pingable taking source as Tunnel Source IP Address.We have to go to config mode then manually shut and no shut to make traffic flow working through Secondary tunnel.

This is Cisco 2851 Router.

IOS = c2800nm-advipservicesk9-mz.124-20.T1.bin

interface Tunnel103

description *** Primary Tunnel****

ip address 11.11.11.9 255.255.255.252

ip mtu 1500

ip nat outside

no ip virtual-reassembly

keepalive 10 3

tunnel source Loopback1

tunnel destination 10.1.1.2

ROUTER#ping

Protocol [ip]:

Target IP address:10.1.1.2

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.2.1.1

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.65.65.49, timeout is 2 seconds:

Packet sent with a source address of 10.65..x.x

Success rate is 100 percent (5/5), round-trip min/avg/max = 80/112/160 ms

GGNINDIGO_HCL#ping 11.11.11.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 11.11.11.10, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

ROUTER#sh conf

Regards,

Rahul..

Leo Laohoo
Hall of Fame
Hall of Fame

I agree with giuslar. Can you post more?

Danilo Dy
VIP Alumni
VIP Alumni

I wonder why you configure GRE Tunnel for a Leased Line and MetroE (unless MetroE is point-to-multipoint but Leased Line is point-to-point)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: