cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
0
Helpful
4
Replies

Down GRE tunnel goes up after change to IPIP

hoffa2000
Level 3
Level 3

Hi folks

I've been trying to understand a problem I have for some time now and need some assistance.

I have four Cisco 1921 routers connected as shown below. Two routers at each site using VRRP towards the local LANs and OSPF between each other. I'm aiming for a high redundancy setup where the carrier network between the routers is an operator provided solution using 3G. I intend to have the routers connect to each other over the 3G solution using either GRE och IPIP, no need for encryption.

Design.jpg

HQ router1

interface Loopback0

ip address 172.16.12.254 255.255.255.255

ip ospf 1 area 0

end

interface Tunnel3

description HQ2Remote

bandwidth 10000

ip address 172.16.12.3 255.255.255.255

ip ospf network point-to-point

ip ospf dead-interval 8

ip ospf hello-interval 3

ip ospf 1 area 0

ip ospf cost 1

keepalive 10 3

tunnel source Loopback0

tunnel mode ipip

tunnel destination 172.16.11.5

tunnel path-mtu-discovery

end

Remote router 1

interface Tunnel3

description Remote2HQ

bandwidth 10000

ip vrf forwarding blue

ip address 172.16.12.11 255.255.255.255

ip ospf network point-to-point

ip ospf dead-interval 8

ip ospf hello-interval 3

ip ospf 1 area 0

ip ospf cost 1

keepalive 10 3

tunnel source GigabitEthernet0/0.108

tunnel mode ipip

tunnel destination 172.16.12.254

tunnel path-mtu-discovery

tunnel vrf blue

end

Routing is working, the routers can ping the respective destination IP AND the tunnel goes up initially. Now, 3G being as it is the signal quality sometime drops and the tunnel with it...that is expected. What bothers me is that "sometimes" when the communication comes up again the tunnels do not. I can ping the end points but the tunnel remains down until I change the tunnel mode from IPIP to GRE or from GRE to IPIP.

It feels almost like the routers need to be remided that there is a tunnel to check but I mean, come on, what is this?!

Regards

Fredrik

4 Replies 4

Peter Paluch
Cisco Employee
Cisco Employee

Fredrik,

This is a blind shot - but can you remove all keepalive commands from your tunnels? Keepalives are supported with GRE; I do not know if there is any similar functionality implemented with IPIP tunnels.

Best regards,

Peter

I just recently added the keepalive option, and your right, IPIP does not have that option. I added the keepalive to try to get some insight into what's happening to the tunnels. Without keepalive the tunnels remain up as expected but OSPF never forms an adjacency and debug ip ospf adj and event never give me any insight...until I change from IPIP to GRE, then everything comes up.

/Fredrik

Fredrik,

Is it possible that some firewall along the tunnel's path is filtering IP-in-IP packets? GRE tunnels use IP protocol number 47, IP-in-IP tunnels use IP protocol number 94. If there is any firewall along the path, it is worth verifying if IP-in-IP is permitted.

One more thing - is the tunnel configuration really the one you are using? I do not believe the IOS has actually allowed you to use a /32 netmask on the tunnel interface.

Best regards,

Peter

There is, as I know, no firewalling function between my routers. Wouldn't this drop my tunnels altorether and never allow for a conenction? My problem is that the tunnels disconnect and won't reconnect until I change both ends from GRE to IPIP or from IPIP to GRE. Example: one of my router pairs has one tunnel set up with GRE and the other with IPIP. Neither tunnel is connecting. I change the GRE to IPIP and the IPIP to GRE and without a glitch both tunnels goes up and OSPF establishes.

The config extracts above are the live ones. I used a common loopback interface as unnumbered interface with a /32 IP on each router but dropped that for individual /32 IPs on all tunnel interfaces as a way to trouble shoot my problem.

/Fredrik

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: