01-27-2009 10:12 AM - edited 03-04-2019 12:59 AM
Hi Guys,
i Have one 2851 router at one of our Customer HO which is connected to remote locations through Lease line via GRE Tunnel. HO has two connectivities. Primary through Lease Line and Secondary through Metro Ethernet. We have configured two GRE Tunnel taking source as both different Media i.e for primary tunnel source - one /30 block routed only towards Lease line by ISP and for secondary tunnel different /30 block routed towards backup Metro ethernet link.
Problem we are facing is , as we make Lease line down , All primary tunnels goes down ,traffic shift to backup tunnels and locations starts working and later if primary link cames up then primary tunnel cames up we are able to ping tunnel source and destination both from HO router and location router but we are not able to ping Tunnel ip address at other end
HO end
int tun 0
ip add 1.1.1.1 255.255.255.252
tunnel source x.x.x.x
tunnel destination y.y.y.y
remote end
int tun 0
ip add 1.1.1.2 255.255.255.252
tunnel source y.y.y.y
tunnel destination x.x.x.x
we are able to ping x.x.x.x taking source y.y.y.y but not able to ping 1.1.1.2 from HO router and not able to ping 1.1.1.1 from remote loc. router.
Customer Router is Cisco 2851.
Tunnels are configured with Keepalives to make auto failover from primary tunnels to secondary tunnels
Please suggest is this a problem with router IOS or what.
Thanks,
Rahul Verma
01-27-2009 11:21 AM
Hello Rahul,
you should provide some more information on how you use the GRE tunnels:
Have you got a routing protocol running over them ?
The only problem after restore is limited to tunnel ip addresses and user traffic flows correctly on primary link or you face an out of service for user traffic too ?
Depending on the way you use the tunnels if different routing protocols are involved for example BGP and one IGP there can be a problem during the restore phase that you are fixing with the shut/no shut cycle
you need to verify in the routing table how you reach GRE endpoints during:
normal condition
during failure
after restore but before sh/no sh cycle
if you like you can post a filtered version of interesting parts of your configuration and the show commands described above
Edit:
I see you mention you are using GRE keepalives as a way to track GRE states so I suppose you are using floating static routes.
Hope to help
Giuseppe
01-28-2009 12:06 PM
Hi,
This Connectivity is like
HO has two links
1. Primary 2Mbps LL Link through PoP A. All Primary tunnels - Tunnel Destination IP Address is routed towards this link.
2. Secondary Metro Ethernet Backup link to PoP B. All Secondary Tunnel's -- Tunnel destination IP Address is routed towards this Sec. Backup link.
During normal functioning , Both Primary & Secondary tunnels remain up.
Static Routing is configured only on customer
ip route x.x.x.x Location -- Primary Tunnel
ip route x.x.x.x Location - Sec Tunnel 100
When primary link goes down, all primary tunnels to locations goes down as keepalives is configured ,which this router stops receiving.
However, Some backup secondary tunnels shows down during this time. Tunnel ip address at other end is not pingable.No traffic going through Tunnel. However, Tunnel destionation is pingable taking source as Tunnel Source IP Address.We have to go to config mode then manually shut and no shut to make traffic flow working through Secondary tunnel.
This is Cisco 2851 Router.
IOS = c2800nm-advipservicesk9-mz.124-20.T1.bin
interface Tunnel103
description *** Primary Tunnel****
ip address 11.11.11.9 255.255.255.252
ip mtu 1500
ip nat outside
no ip virtual-reassembly
keepalive 10 3
tunnel source Loopback1
tunnel destination 10.1.1.2
ROUTER#ping
Protocol [ip]:
Target IP address:10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.2.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.65.65.49, timeout is 2 seconds:
Packet sent with a source address of 10.65..x.x
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/112/160 ms
GGNINDIGO_HCL#ping 11.11.11.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
ROUTER#sh conf
Regards,
Rahul..
01-27-2009 08:05 PM
I agree with giuslar. Can you post more?
01-27-2009 10:19 PM
I wonder why you configure GRE Tunnel for a Leased Line and MetroE (unless MetroE is point-to-multipoint but Leased Line is point-to-point)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: