Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
35499
Views
0
Helpful
3
Replies

EIGRP retry limit exceeded

Go to solution
santoshdpawar
Level 1
Level 1

‎04-26-2012 11:35 PM - edited ‎03-04-2019 04:10 PM

Hi Guyes, I am observing a strang issue in EIGRP neighborship. HUB and SPOKE has IPSEC with tunnels built. EIGRP runs over the Tunnel. I can see neighborship established on SPOKE but stays up for only approx 70 -75 sec. I do not see any Q count on SPOKE where HUB reports high Q count. HUB : sh ip eigr nei IP-EIGRP neighbors for process 31 H  Address                Interface      Hold Uptime  SRTT  RTO  Q  Seq                                             (sec)        (ms)      Cnt Num 34  172.31.97.58            Tu23058          14 00:00:33    1  5000 25  167161 >>>>>>>>>>>>>>22  172.31.96.251          Tu13251          11 00:00:45    1  5000 26  2062 SPOKE : sh ip eig nei IP-EIGRP neighbors for process 31 H  Address                Interface      Hold Uptime  SRTT  RTO  Q  Seq                                             (sec)        (ms)      Cnt Num 1  172.31.96.13            Tu2              13 00:00:24 1490  5000  0  165935137  >>>>>>>>>>>0  172.31.96.2            Tu1              13 04:52:34  70  420  0  1331267714 SPOKE has one more tunnel ( Tunnel1) built over the same source (tunnel source) and is stable. HUB router has almost 45 other tunnels which are stable. Need your advise. Best regards Santosh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-27-2012 12:33 AM

Hello Santosh,

your issue looks like similar to an older thread.

In that case the root cause was an MTU problem that involved EIGRP update packets,

Likely HUB router has much more IP prefixes to advertise to the spoke router and  this leads to more EIGRP update packets of bigger size, in comparison with the update packets sent from the spoke router.

EIGRP builds the update packets in a way that depend from prefix length (network mask) so it can try to push N prefixes in a single packet and this can lead to the problem if the resulting packet length is too big.

each prefix takes a certain amount of bytes and your scenario has IPSec (and GRE I suppose) so actually for the GRE and IPSec overhead a reduced MTU is actually avaialble,

see

https://supportforums.cisco.com/message/3116882#3116882

this could explain why you have a Q count of zero on spoke side and a non zero Q count on hub side. The hub router when EIGRP retry limit exceeded is detected resets the EIGRP neighborship with the spoke and this leads to the observed EIGRP neighborship instability.

see also

https://supportforums.cisco.com/message/802260#802260

as showed here you could lower IP MTU on the GRE over IPSEc tunnel and check again if this fixes your issue.

Hope to help

Giuseppe

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-27-2012 12:33 AM

Hello Santosh,

your issue looks like similar to an older thread.

In that case the root cause was an MTU problem that involved EIGRP update packets,

Likely HUB router has much more IP prefixes to advertise to the spoke router and  this leads to more EIGRP update packets of bigger size, in comparison with the update packets sent from the spoke router.

EIGRP builds the update packets in a way that depend from prefix length (network mask) so it can try to push N prefixes in a single packet and this can lead to the problem if the resulting packet length is too big.

each prefix takes a certain amount of bytes and your scenario has IPSec (and GRE I suppose) so actually for the GRE and IPSec overhead a reduced MTU is actually avaialble,

see

https://supportforums.cisco.com/message/3116882#3116882

this could explain why you have a Q count of zero on spoke side and a non zero Q count on hub side. The hub router when EIGRP retry limit exceeded is detected resets the EIGRP neighborship with the spoke and this leads to the observed EIGRP neighborship instability.

see also

https://supportforums.cisco.com/message/802260#802260

as showed here you could lower IP MTU on the GRE over IPSEc tunnel and check again if this fixes your issue.

Hope to help

Giuseppe

0 Helpful

Go to solution
santoshdpawar
Level 1
Level 1
In response to Giuseppe Larosa

‎04-27-2012 01:15 AM

Hi Giuseppe,

Great. It worked. I have changed MTU to 1200. The SPOKE site is on SDSL.

What should be the exact MTU required to be set on the tunnels. 1276 or any other lesser one ?

Thanks a lot.

Best regards,

Santosh 

  

0 Helpful

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Giuseppe Larosa

‎05-20-2015 11:37 AM

do we need to reduce mtu size on  hub too ? if yes on all spokes too ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card