01-03-2014 04:51 AM - edited 03-07-2019 05:21 PM
Hi folks
I've been trying to understand a problem I have for some time now and need some assistance.
I have four Cisco 1921 routers connected as shown below. Two routers at each site using VRRP towards the local LANs and OSPF between each other. I'm aiming for a high redundancy setup where the carrier network between the routers is an operator-provided solution using 3G. I intend to have the routers connect to each other over the 3G solution using either GRE or IPIP, no need for encryption.
HQ router1
interface Loopback0
 ip address 172.16.12.254 255.255.255.255
 ip ospf 1 area 0
end
interface Tunnel3
 description HQ2Remote
 bandwidth 10000
 ip address 172.16.12.3 255.255.255.255
 ip ospf network point-to-point
 ip ospf dead-interval 8
 ip ospf hello-interval 3
 ip ospf 1 area 0
 ip ospf cost 1
 keepalive 10 3
 tunnel source Loopback0
 tunnel mode ipip
 tunnel destination 172.16.11.5
 tunnel path-mtu-discovery
end
Remote router 1
interface Tunnel3
 description Remote2HQ
 bandwidth 10000
 ip vrf forwarding blue
 ip address 172.16.12.11 255.255.255.255
 ip ospf network point-to-point
 ip ospf dead-interval 8
 ip ospf hello-interval 3
 ip ospf 1 area 0
 ip ospf cost 1
 keepalive 10 3
 tunnel source GigabitEthernet0/0.108
 tunnel mode ipip
 tunnel destination 172.16.12.254
 tunnel path-mtu-discovery
 tunnel vrf blue
end
Routing is working, the routers can ping the respective destination IP AND the tunnel goes up initially. Now, 3G being as it is, the signal quality sometimes drops and the tunnel with it... that is expected. What bothers me is that "sometimes" when the communication comes up again the tunnels do not. I can ping the end points but the tunnel remains down until I change the tunnel mode from IPIP to GRE or from GRE to IPIP.
It feels almost like the routers need to be reminded that there is a tunnel to check but I mean, come on, what is this?!
Regards
Fredrik
01-03-2014 05:38 AM
Fredrik,
This is a blind shot - but can you remove all keepalive commands from your tunnels? Keepalives are supported with GRE; I do not know if there is any similar functionality implemented with IPIP tunnels.
Best regards,
Peter
01-03-2014 05:42 AM
I just recently added the keepalive option, and you're right, IPIP does not have that option. I added the keepalive to try to get some insight into what's happening to the tunnels. Without keepalive the tunnels remain up as expected but OSPF never forms an adjacency and debug ip ospf adj and event never give me any insight... until I change from IPIP to GRE, then everything comes up.
/Fredrik
01-03-2014 06:15 AM
Fredrik,
Is it possible that some firewall along the tunnel's path is filtering IP-in-IP packets? GRE tunnels use IP protocol number 47, IP-in-IP tunnels use IP protocol number 94. If there is any firewall along the path, it is worth verifying if IP-in-IP is permitted.
One more thing - is the tunnel configuration really the one you are using? I do not believe the IOS has actually allowed you to use a /32 netmask on the tunnel interface.
Best regards,
Peter
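One way to run the check suggested above, as an added example that is not part of the original thread: a count-only ACL on the remote router's tunnel source interface that shows which tunnel protocol actually arrives from HQ. The ACL name TUNNEL-COUNT is hypothetical, 172.16.11.5 is assumed to be the address of GigabitEthernet0/0.108 (it is the tunnel destination in the HQ config), and the interface is assumed to have no inbound ACL yet.

```ios
! Added example, not from the thread. TUNNEL-COUNT is a hypothetical name.
! Assumption: 172.16.11.5 is the address of GigabitEthernet0/0.108.
! IOS protocol keywords: gre = IP protocol 47, ipinip = 4, nos = 94.
ip access-list extended TUNNEL-COUNT
 permit gre host 172.16.12.254 host 172.16.11.5
 permit ipinip host 172.16.12.254 host 172.16.11.5
 permit nos host 172.16.12.254 host 172.16.11.5
 ! Plain reachability from HQ, for comparison with the tunnel counters
 permit icmp host 172.16.12.254 host 172.16.11.5
 ! Count-only: everything else is still permitted
 permit ip any any
!
interface GigabitEthernet0/0.108
 ! Assumption: no inbound ACL is applied here already
 ip access-group TUNNEL-COUNT in
!
! After the 3G link has dropped and recovered, from exec mode:
!   clear ip access-list counters TUNNEL-COUNT
!   show ip access-lists TUNNEL-COUNT
! Remove the ACL from the interface when done:
!   interface GigabitEthernet0/0.108
!    no ip access-group TUNNEL-COUNT in
```

If the ICMP counter increases while the gre, ipinip and nos counters stay flat, the encapsulated packets from HQ are not reaching this router even though the endpoints can ping each other.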
01-06-2014 09:14 AM
There is, as far as I know, no firewalling function between my routers. Wouldn't this drop my tunnels altogether and never allow for a connection? My problem is that the tunnels disconnect and won't reconnect until I change both ends from GRE to IPIP or from IPIP to GRE. Example: one of my router pairs has one tunnel set up with GRE and the other with IPIP. Neither tunnel is connecting. I change the GRE to IPIP and the IPIP to GRE and without a glitch both tunnels go up and OSPF establishes.
The config extracts above are the live ones. I used a common loopback interface as unnumbered interface with a /32 IP on each router but dropped that for individual /32 IPs on all tunnel interfaces as a way to troubleshoot my problem.
/Fredrik