06-07-2010 10:03 AM - edited 03-06-2019 11:27 AM
I have a gre over ipsec tunnel setup and looking at the eigrp neighbors, the tunnel goes down after about 1min 15sec.
No issues with the Internet circuit (ie. IPSEC goes over the Internet between 2 firewalls).
I ran a debug on eigrp and I get... any idea?
*Mar 25 14:53:46.684: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:53:46.693: EIGRP: Holdtime expired
*Mar 25 14:53:46.693: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25
(Tunnel0) is down: retry limit exceeded
*Mar 25 14:53:46.693: Going down: Peer 192.168.254.25 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:53:46.693: EIGRP: Handle deallocation failure [0]
*Mar 25 14:53:46.693: EIGRP: Neighbor 192.168.254.25 went down on Tunnel0
*Mar 25 14:53:49.637: EIGRP: New peer 192.168.254.25
*Mar 25 14:53:49.637: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25
(Tunnel0) is up: new adjacency
*Mar 25 14:53:59.662: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:53:59.670: EIGRP: Holdtime expired
*Mar 25 14:53:59.670: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.29
(Tunnel1) is down: retry limit exceeded
*Mar 25 14:53:59.670: Going down: Peer 192.168.254.29 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:53:59.670: EIGRP: Handle deallocation failure [1]
*Mar 25 14:53:59.670: EIGRP: Neighbor 192.168.254.29 went down on Tunnel1
*Mar 25 14:54:03.277: EIGRP: New peer 192.168.254.29
*Mar 25 14:54:03.277: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.29
(Tunnel1) is up: new adjacency
*Mar 25 14:55:09.279: EIGRP: Retransmission retry limit exceeded
*Mar 25 14:55:09.287: EIGRP: Holdtime expired
*Mar 25 14:55:09.287: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25
(Tunnel0) is down: retry limit exceeded
*Mar 25 14:55:09.287: Going down: Peer 192.168.254.25 total=2 stub 0, iidb-stub=0 iid-all=0
*Mar 25 14:55:09.287: EIGRP: Handle deallocation failure [0]
*Mar 25 14:55:09.287: EIGRP: Neighbor 192.168.254.25 went down on Tunnel0
*Mar 25 14:55:13.037: EIGRP: New peer 192.168.254.25
*Mar 25 14:55:13.037: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.254.25
(Tunnel0) is up: new adjacency
06-07-2010 10:14 AM
Hello Ron,
you may be facing an MTU problem when sending updates to neighbor
>> *Mar 25 14:55:09.279: EIGRP: Retransmission retry limit exceeded
This is a very specific issue that can originate depending on the prefix length of routes advertised, because the number of bytes used for a route depends on prefix length.
post
sh ip int tunnel1
Hope to help
Giuseppe
06-07-2010 11:39 AM
Tunnel0 is up, line protocol is up
Internet address is 192.168.254.26/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1476 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Check hwidb
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
06-09-2010 10:10 AM
I would check your routing tables as when doing to GRE tunnels with a routing protocol you need to ensure that you will not learn the tunnel destination addresses through the tunnel once the protocol forms the adjacency. Basically, you see the tunnel up, EIGRP forms, then hold time expires, tunnel drops -- repeat.
I could be wrong but that's what it looks like to me with the debug stating tunnel up, EIGRP new adjacency, hold-timer expires, tunnel drops.
So check your routing tables or post them and I'll take a look at them to ensure your not learning your tunnel destination addresses through the tunnel.
Thanks,
TJM
HTH
06-09-2010 02:31 PM
Hello TJ,
actually the log messages don't show that the tunnel goes down but only the EIGRP neighborship over it
For this reason I thought of the question of MTU and EIGRP routing updates, there was an older thread about this with EIGRP failing in sending a specific update causing EIGRP neighborship to be torn down
I agree that if the tunnel goes down (line protocol down) the issue is wrong recursive routing as you have explained
Hope to help
Giuseppe
10-11-2016 09:46 PM
Hi,
I had similar issue - those messages appeared on the hub after enabling eigrp neighbors debug:
*Oct 11 14:40:55.035: EIGRP: Retransmission retry limit exceeded
*Oct 11 14:40:55.043: EIGRP: Holdtime expired
*Oct 11 14:40:55.047: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.5 (Tunnel 33) is down: retry limit exceeded
R4#
*Oct 11 14:40:55.047: Going down: Peer 33.0.0.5 total=3 stub 0, iidb-stub=0 iid- all=1
*Oct 11 14:40:55.051: EIGRP: Handle deallocation failure [3]
*Oct 11 14:40:55.063: EIGRP: Neighbor 33.0.0.5 went down on Tunnel33
R4#
*Oct 11 14:40:59.351: EIGRP: New peer 33.0.0.5
R4#
*Oct 11 14:40:59.351: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.5 (Tunnel 33) is up: new adjacency
R4#
*Oct 11 14:41:22.531: EIGRP: Holdtime expired
*Oct 11 14:41:22.531: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.1 (Tunnel 33) is down: holding time expired
interface Tunnel33
ip address 33.0.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 33.0.0.4 10.1.4.4
ip nhrp network-id 33
ip nhrp nhs 33.0.0.4 <----------- (it was 10.1.4.4 before)
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 33
end
I found out that I had wrong nhs ip address configured under tunel interface on spokes- it pointed to tunnel destination ip instead to tunnel IP on nhs(hub).
After I changed, issue disappeared.
I hope this helps.
10-11-2016 11:59 PM
Thank you for posting this. It is a good reminder of what can happen when an incorrect IP address is configured for nhs. The neighbor sends us an EIGRP hello and we create the neighbor relationship. We are sending EIGRP hello (to the wrong address) but get no response to our hello and then terminate the neighbor.
HTH
Rick
10-12-2016 04:43 AM
Hi Richard,
I recreated dmvpn config (topology attached).
What I did - I configured eigrp between physical links in named mode - all was working fine.Neighbors did not flap, routes were learned.
However when created new eigrp process and added only tunnel interfaces plus added commands on tunnel interface:
R4(hub)
int tu33
ip nhrp map multicast dynamic
no ip split-horizon eigrp 33
R1 and R5 (spokes)
int tu33
ip nhrp map multicast 10.1.4.4
I faced issue with re-transmission again:
And I faced issue with re-transmission time again:
*Oct 11 22:29:34.593: EIGRP: Retransmission retry limit exceeded
*Oct 11 22:29:34.601: EIGRP: Holdtime expired
*Oct 11 22:29:34.601: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.1 (Tunnel33) is down: retry limit exceeded
*Oct 11 22:29:34.601: Going down: Peer 33.0.0.1 total=3 stub 0, iidb-stub=0 iid-all=1
*Oct 11 22:29:34.601: EIGRP: Handle deallocation failure [2]
*Oct 11 22:29:34.605: EIGRP: Neighbor 33.0.0.1 went down on Tunnel33
*Oct 11 22:29:34.993: EIGRP: Retransmission retry limit exceeded
*Oct 11 22:29:35.005: EIGRP: Holdtime expired
*Oct 11 22:29:35.005: %DUAL-5-NBRCHANGE: EIGRP-IPv4 3: Neighbor 33.0.0.
That is very strange.
03-22-2015 01:37 PM
same issue i encountered while simulating DMVPN, i only see this error on R4 only not on R2, since it cannot see R4 as its neighbor. I re-check my configuration on Spokes tunnel 0 interface and there i found a wrong IP address. after correcting, eigrp neighbor established on each side.
R4#
*Mar 1 01:57:15.887: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is down: retry limit exceeded
R4#sh ip ei
*Mar 1 01:57:19.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is up: new adjacency
R4#R4#
*Mar 1 01:57:15.887: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is down: retry limit exceeded
R4#sh ip ei
*Mar 1 01:57:19.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.10.99.2 (Tunnel0) is up: new adjacency
R4#
do you still remember how you resolved your issue?
regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: