gre tunnel constantly goes down

ronshuster
Level 1

I have a GRE over IPsec tunnel set up, and looking at the EIGRP neighbors, the tunnel goes down after about 1 min 15 sec.

No issues with the Internet circuit (i.e. IPsec goes over the Internet between 2 firewalls).

I ran a debug on EIGRP and I get... any idea?

*Mar 25 14:53:46.684: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:53:46.693: EIGRP: Holdtime expired
*Mar 25 14:53:46.693: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is down: retry limit exceeded
*Mar 25 14:53:46.693: Going down: Peer 192.168.254.25 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:53:46.693: EIGRP: Handle deallocation failure [0]
*Mar 25 14:53:46.693: EIGRP: Neighbor 192.168.254.25 went down on Tunnel0
*Mar 25 14:53:49.637: EIGRP: New peer 192.168.254.25
*Mar 25 14:53:49.637: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is up: new adjacency
*Mar 25 14:53:59.662: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:53:59.670: EIGRP: Holdtime expired
*Mar 25 14:53:59.670: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.29 (Tunnel1) is down: retry limit exceeded
*Mar 25 14:53:59.670: Going down: Peer 192.168.254.29 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:53:59.670: EIGRP: Handle deallocation failure [1]
*Mar 25 14:53:59.670: EIGRP: Neighbor 192.168.254.29 went down on Tunnel1
*Mar 25 14:54:03.277: EIGRP: New peer 192.168.254.29
*Mar 25 14:54:03.277: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.29 (Tunnel1) is up: new adjacency
*Mar 25 14:55:09.279: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:55:09.287: EIGRP: Holdtime expired
*Mar 25 14:55:09.287: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is down: retry limit exceeded
*Mar 25 14:55:09.287: Going down: Peer 192.168.254.25 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:55:09.287: EIGRP: Handle deallocation failure [0]
*Mar 25 14:55:09.287: EIGRP: Neighbor 192.168.254.25 went down on Tunnel0
*Mar 25 14:55:13.037: EIGRP: New peer 192.168.254.25
*Mar 25 14:55:13.037: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is up: new adjacency

8 Replies

Giuseppe Larosa
Hall of Fame

Hello Ron,

You may be facing an MTU problem when sending updates to the neighbor.

>> *Mar 25 14:55:09.279: EIGRP: Retransmission retry limit exceeded

This is a very specific issue that can originate depending on the prefix length of routes advertised, because the number of bytes used for a route depends on prefix length.

post

sh ip int tunnel1

Hope to help

Giuseppe

Tunnel0 is up, line protocol is up
  Internet address is 192.168.254.26/30
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Check hwidb
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled                  

I would check your routing tables as when doing to GRE tunnels with a routing protocol you need to ensure that you will not learn the tunnel destination addresses through the tunnel once the protocol forms the adjacency. Basically, you see the tunnel up, EIGRP forms, then hold time expires, tunnel drops -- repeat.

I could be wrong but that's what it looks like to me with the debug stating tunnel up, EIGRP new adjacency, hold-timer expires, tunnel drops.

So check your routing tables or post them and I'll take a look at them to ensure you're not learning your tunnel destination addresses through the tunnel.

Thanks,

TJM

HTH

Hello TJ,

Actually, the log messages don't show that the tunnel goes down, but only the EIGRP neighborship over it.

For this reason I thought of the question of MTU and EIGRP routing updates; there was an older thread about this with EIGRP failing in sending a specific update, causing the EIGRP neighborship to be torn down.

I agree that if the tunnel goes down (line protocol down), the issue is wrong recursive routing, as you have explained.

Hope to help

Giuseppe
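An added example, not part of any post in this thread: a Python triage of IOS log lines that separates the two cases discussed above, an EIGRP adjacency that flaps while the tunnel stays up versus a tunnel interface that itself goes down. The Tunnel0 lines come from the debug output in the question; the Tunnel9 lines, the function name `triage` and the placeholder year are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tunnel0 lines are from the debug output in this thread (wrapped lines joined).
# The two Tunnel9 lines are constructed to show the recursive-routing case.
SAMPLE = """\
*Mar 25 14:53:49.637: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is up: new adjacency
*Mar 25 14:54:20.000: %TUN-5-RECURDOWN: Tunnel9 temporarily disabled due to recursive routing
*Mar 25 14:54:21.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel9, changed state to down
*Mar 25 14:55:09.287: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is down: retry limit exceeded
*Mar 25 14:55:13.037: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25 (Tunnel0) is up: new adjacency
"""

TS = r"\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): "
NBR = re.compile(TS + r"%DUAL-5-NBRCHANGE: .*?Neighbor (\S+) \((Tunnel ?\d+)\) is (up|down): (.+)")
IFDOWN = re.compile(r"%TUN-5-RECURDOWN: (Tunnel\d+)|"
                    r"%LINEPROTO-5-UPDOWN: .*Interface (Tunnel\d+), changed state to down")

def triage(log):
    """Per tunnel: adjacency lifetimes (s), down reasons, interface-down flag, verdict."""
    out = defaultdict(lambda: {"lifetimes": [], "reasons": set(), "if_down": False})
    up_since = {}
    for line in log.splitlines():
        if m := NBR.search(line):
            # IOS omits the year; 2000 is a placeholder so deltas can be computed.
            ts = datetime.strptime("2000 " + m[1], "%Y %b %d %H:%M:%S.%f")
            tun = m[3].replace(" ", "")          # some outputs print "Tunnel 33"
            key = (tun, m[2])
            if m[4] == "up":
                up_since[key] = ts
            else:
                out[tun]["reasons"].add(m[5].strip())
                if key in up_since:
                    out[tun]["lifetimes"].append((ts - up_since.pop(key)).total_seconds())
        elif m := IFDOWN.search(line):
            out[m[1] or m[2]]["if_down"] = True
    for r in out.values():
        r["verdict"] = ("interface down: check for recursive routing" if r["if_down"]
                        else "adjacency only: check MTU, NHRP and peer addressing")
    return dict(out)

if __name__ == "__main__":
    for tunnel, result in triage(SAMPLE).items():
        print(tunnel, result)
```

On the sample, Tunnel0 shows one adjacency lifetime of about 80 seconds with no interface event, which matches the "about 1 min 15 sec" pattern reported in the question.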

Hi,

I had a similar issue - those messages appeared on the hub after enabling EIGRP neighbors debug:

*Oct 11 14:40:55.035: EIGRP: Retransmission retry limit exceeded
*Oct 11 14:40:55.043: EIGRP: Holdtime expired
*Oct 11 14:40:55.047: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.5 (Tunnel 33) is down: retry limit exceeded
R4#
*Oct 11 14:40:55.047: Going down: Peer 33.0.0.5 total=3 stub 0, iidb-stub=0 iid-all=1
*Oct 11 14:40:55.051: EIGRP: Handle deallocation failure [3]
*Oct 11 14:40:55.063: EIGRP: Neighbor 33.0.0.5 went down on Tunnel33
R4#
*Oct 11 14:40:59.351: EIGRP: New peer 33.0.0.5
R4#
*Oct 11 14:40:59.351: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.5 (Tunnel 33) is up: new adjacency
R4#
*Oct 11 14:41:22.531: EIGRP: Holdtime expired
*Oct 11 14:41:22.531: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.1 (Tunnel 33) is down: holding time expired

interface Tunnel33
ip address 33.0.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 33.0.0.4 10.1.4.4
ip nhrp network-id 33
ip nhrp nhs 33.0.0.4  <----------- (it was 10.1.4.4 before) 
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 33
end

I found out that I had the wrong NHS IP address configured under the tunnel interface on the spokes - it pointed to the tunnel destination IP instead of the tunnel IP on the NHS (hub).

After I changed it, the issue disappeared.

I hope this helps. 
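An added example, not part of any post in this thread: a Python check for the misconfiguration described above, where `ip nhrp nhs` on a spoke points at the hub's tunnel destination (NBMA) address instead of its tunnel IP. The two configs are constructed from the Tunnel33 interface posted above, and the function name `check_nhrp` is an assumption of the example.

```python
import ipaddress
import re

# Constructed spoke configs modelled on the Tunnel33 interface posted above.
BROKEN = """\
interface Tunnel33
 ip address 33.0.0.1 255.255.255.0
 ip nhrp map 33.0.0.4 10.1.4.4
 ip nhrp network-id 33
 ip nhrp nhs 10.1.4.4
 tunnel source Loopback0
 tunnel mode gre multipoint
"""
FIXED = BROKEN.replace("ip nhrp nhs 10.1.4.4", "ip nhrp nhs 33.0.0.4")

def check_nhrp(config):
    """Return findings about NHS addressing for each tunnel interface in an IOS config."""
    findings = []
    for block in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (Tunnel\d+)", block)
        addr = re.search(r"(?m)^\s*ip address (\S+) (\S+)", block)
        if not (name and addr):
            continue
        net = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network
        # Static tunnel-IP -> NBMA mappings; "map multicast ..." lines are skipped.
        maps = dict(re.findall(r"(?m)^\s*ip nhrp map (\d\S+) (\d\S+)", block))
        for nhs, rest in re.findall(r"(?m)^\s*ip nhrp nhs (\d\S+)(.*)", block):
            if ipaddress.ip_address(nhs) not in net:
                hint = " (it is the NBMA side of an nhrp map)" if nhs in maps.values() else ""
                findings.append(f"{name[1]}: nhs {nhs} is outside tunnel subnet {net}{hint}")
            elif nhs not in maps and "nbma" not in rest:
                findings.append(f"{name[1]}: nhs {nhs} has no static nhrp map to an NBMA address")
    return findings

if __name__ == "__main__":
    print(check_nhrp(BROKEN))
    print(check_nhrp(FIXED))
```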

Thank you for posting this. It is a good reminder of what can happen when an incorrect IP address is configured for nhs. The neighbor sends us an EIGRP hello and we create the neighbor relationship. We are sending EIGRP hello (to the wrong address) but get no response to our hello and then terminate the neighbor.

HTH

Rick

Hi Richard, 

I recreated dmvpn config (topology attached).

What I did - I configured EIGRP between physical links in named mode - all was working fine. Neighbors did not flap, routes were learned.

However, when I created a new EIGRP process and added only the tunnel interfaces, plus added commands on the tunnel interface:

R4 (hub)

int tu33
 ip nhrp map multicast dynamic
 no ip split-horizon eigrp 33

R1 and R5 (spokes)

int tu33
 ip nhrp map multicast 10.1.4.4

I faced issue with re-transmission again: 

And I faced issue with re-transmission time again: 

*Oct 11 22:29:34.593: EIGRP: Retransmission retry limit exceeded
*Oct 11 22:29:34.601: EIGRP: Holdtime expired
*Oct 11 22:29:34.601: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.1 (Tunnel33) is down: retry limit exceeded
*Oct 11 22:29:34.601: Going down: Peer 33.0.0.1 total=3 stub 0, iidb-stub=0 iid-all=1
*Oct 11 22:29:34.601: EIGRP: Handle deallocation failure [2]
*Oct 11 22:29:34.605: EIGRP: Neighbor 33.0.0.1 went down on Tunnel33
*Oct 11 22:29:34.993: EIGRP: Retransmission retry limit exceeded
*Oct 11 22:29:35.005: EIGRP: Holdtime expired
*Oct 11 22:29:35.005: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.

That is very strange. 

bbb bbb
Level 1

@ronshuster

I encountered the same issue while simulating DMVPN. I only see this error on R4, not on R2, since it cannot see R4 as its neighbor. I re-checked my configuration on the spoke's tunnel 0 interface and there I found a wrong IP address. After correcting it, the EIGRP neighbor established on each side.

R4#
*Mar  1 01:57:15.887: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is down: retry limit exceeded
R4#sh ip ei
*Mar  1 01:57:19.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is up: new adjacency
R4#

Do you still remember how you resolved your issue?

Regards
