Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

vrf-lite through GRE tunnel

Can ANYONE help; I cannot get my EIGRP neighbors to sync up across the VRF-Lite/GRE tunnel between R2 and R4.

When I apply the tunnel vrf DMZ to both tunnel99, both tunnel99 shut down automatically.

Thanks for any assistance

BTW, I am trying to share routing tables between R1 and R3 via R2/R4 cloud.

The link between R2/R4 is routed and used by many other groups so I cannot modify this link.

Topology:
                Tunnel99
R1--------R2-----------------R4---------R3
           .18             .17

Configurations:

R2#
ip vrf DMZ
rd 64701:35
route-target export 64701:35
route-target import 64701:35
!
interface GigabitEthernet0/0
ip address 10.64.241.18 255.255.255.252
!
interface Tunnel99
ip unnumbered GigabitEthernet0/0
keepalive 12 36
tunnel source GigabitEthernet0/0
tunnel destination 10.64.241.17
!
interface FastEthernet0/0/2
switchport access vlan 99
!
interface Vlan99
ip vrf forwarding DMZ
ip address 172.20.2.2 255.255.255.248
!
router eigrp 100
!
address-family ipv4 vrf DMZ
  network 172.20.2.0 0.0.0.7
  no auto-summary
  autonomous-system 55
exit-address-family

R4#
ip vrf DMZ
description Bedford <===> McLean DMZs PTP
rd 64701:35
route-target export 64701:35
route-target import 64701:35
!
interface Tunnel99
ip unnumbered GigabitEthernet0/0
tunnel source GigabitEthernet0/0
tunnel destination 10.64.241.18
!
interface GigabitEthernet0/0
ip address 10.64.241.17 255.255.255.252
!
interface FastEthernet0/0/2
switchport access vlan 99
!
interface Vlan99
ip vrf forwarding DMZ
ip address 172.20.2.3 255.255.255.248
!
router eigrp 100
!
address-family ipv4 vrf DMZ
  network 172.20.2.0 0.0.0.7
  no auto-summary
  autonomous-system 55
exit-address-family


R2
Interface                  IP-Address      OK? Method Status  Protocol
GigabitEthernet0/0         10.64.241.18    YES manual up      up     
FastEthernet0/0/2          unassigned      YES unset  up      up     
Vlan99                     172.20.2.2      YES manual up      up     
Tunnel99                   10.64.241.18    YES TFTP   up      up     

R4
Interface                  IP-Address      OK? Method Status Protocol
GigabitEthernet0/0         10.64.241.17    YES NVRAM  up     up     
FastEthernet0/0/2          unassigned      YES unset  up     up
Vlan99                     172.20.2.3      YES manual up     up     
Tunnel99                   10.64.241.17    YES TFTP   up     up     

R2#sh ip eigrp vrf DMZ nei
IP-EIGRP neighbors for process 55
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.20.2.1              Vl99              11 02:33:10    3   200  0  18


R4#sh ip eigrp vrf DMZ nei
sh ip eigrp vrf DMZ neighbors
IP-EIGRP neighbors for process 55
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.20.2.4              Vl99              13 01:17:56    2   200  0  16

1 ACCEPTED SOLUTION

Accepted Solutions

Re: vrf-lite through GRE tunnel

Hi,

if the tunnel IP belongs to a VRF and the tunnel source/destination to another (or to the global context), you cannot use keepalives.

This config should work:

R2:

interface Tunnel 99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.17

no keepalive

!

R4:

interface Tunnel99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.18

no keepalive

!

HTH

Rolf

3 REPLIES

Re: vrf-lite through GRE tunnel

Hi,

if the tunnel IP belongs to a VRF and the tunnel source/destination to another (or to the global context), you cannot use keepalives.

This config should work:

R2:

interface Tunnel 99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.17

no keepalive

!

R4:

interface Tunnel99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.18

no keepalive

!

HTH

Rolf

vrf-lite through GRE tunnel

One more note:

You're using the same IP subnet for VLAN99 on both sides of the tunnel.

GRE is a layer-3 tunnel protocol, so you should assign another subnet on one side and use a (extra) common subnet for the tunnel.

The partitioning of VLAN99  with a GRE-tunnel will lead to connectivity problems.

Best regards

Rolf

Bronze

vrf-lite through GRE tunnel

Hey Bolf,

YES YES YES, silly me, GRE keepalives and vrf-Lite do not mix.

THANK YOU

Operating as designed!!

Best Regards

Frank

1704
Views
0
Helpful
3
Replies
CreatePlease login to create content