08-22-2012 08:34 AM - edited 03-04-2019 05:20 PM
Hello,
I am implementing an mGRE tunnel between 4 locations (routers):
r7200 - Hub and NHS = ip 10.0.78.1
r1841 - Spoke = 10.0.78.2
r1841 - Spoke = 10.0.78.3
r871 - Spoke = 10.0.78.4
The mGRE tunnels are configured as follows:
r7200 - 10.0.78.1
interface Tunnel78
 ip address 10.0.78.1 255.255.255.248
 no ip redirects
 ip nhrp authentication xxx
 ip nhrp responder Loopback0
 ip nhrp map multicast dynamic
 ip nhrp network-id 78
 ip nhrp holdtime 600
 ip nhrp cache non-authoritative
 tunnel source Loopback0
 tunnel mode gre multipoint
end
r1841 - 10.0.78.2
interface Tunnel78
 ip address 10.0.78.2 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxx
 ip nhrp map multicast 172.16.4.205
 ip nhrp map 10.0.78.1 200.13.161.142
 ip nhrp map multicast 200.13.161.142
 ip nhrp network-id 78
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.78.1
 ip tcp adjust-mss 1360
 tunnel source 172.16.4.206
 tunnel mode gre multipoint
end
r1841 - 10.0.78.3
interface Tunnel78
 ip address 10.0.78.3 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxx
 ip nhrp map multicast 172.16.4.205
 ip nhrp map 10.0.78.1 200.13.161.142
 ip nhrp map multicast 200.13.161.142
 ip nhrp network-id 78
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.78.1
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1360
 tunnel source 172.16.4.58
 tunnel mode gre multipoint
end
r871 - 10.0.78.4
interface Tunnel78
 ip address 10.0.78.4 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxx
 ip nhrp map multicast 172.16.4.205
 ip nhrp map 10.0.78.1 200.13.161.142
 ip nhrp map multicast 200.13.161.142
 ip nhrp network-id 78
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.78.1
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1360
 tunnel source 172.16.1.122
 tunnel mode gre multipoint
end
The issue is happening between the 871 (10.0.78.4) and one of the 1841s (10.0.78.3): they can reach each other, but not directly, and the "show ip nhrp brief" command shows those entries as "incomplete".
r1841 - 10.0.78.3:
1841-IZALQUENO_StaTecla#show ip nh bri
Target          Via         NBMA             Mode      Intfc   Claimed
10.0.78.1/32    10.0.78.1   200.13.161.142   static    Tu78    < >
10.0.78.2/32    10.0.78.2   172.16.4.206     dynamic   Tu78    < >
10.0.78.3/32    10.0.78.3   172.16.4.58      dynamic   Tu78    < >
10.0.78.4/32    10.0.78.4   incomplete
r871 - 10.0.78.4:
Target          Via         NBMA             Mode      Intfc   Claimed
10.0.78.1/32    10.0.78.1   200.13.161.142   static    Tu78    < >
10.0.78.3/32    10.0.78.3   incomplete
When the entries are incomplete they do 2 hops:
Trace from 10.0.78.3 to 10.0.78.4
1841-IZALQUENO_StaTecla#trace 10.0.78.4
Type escape sequence to abort.
Tracing the route to 10.0.78.4
1 10.0.78.1 0 msec 4 msec 0 msec
2 10.0.78.4 8 msec * 4 msec
1841-IZALQUENO_StaTecla#
For some short moments the entries show themselves complete with the correct NBMA addresses and the routers reach each other "directly", but after some minutes the "debug nhrp packet" starts showing the error code (4) and the entries become incomplete...
I guess it has to be related...
The "debug nhrp packets" in the 10.0.78.3 shows:
Aug 22 08:59:54: NHRP: Send Resolution Request via Tunnel78 vrf 0, packet size: 82
Aug 22 08:59:54: src: 10.0.78.3, dst: 10.0.78.4
Aug 22 08:59:54: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
Aug 22 08:59:54: shtl: 4(NSAP), sstl: 0(NSAP)
Aug 22 08:59:54: (M) flags: "router auth src-stable", reqid: 467
Aug 22 08:59:54: src NBMA: 172.16.4.58
Aug 22 08:59:54: src protocol: 10.0.78.3, dst protocol: 10.0.78.4
Aug 22 08:59:54: (C-1) code: no error(0)
Aug 22 08:59:54: prefix: 0, mtu: 1514, hd_time: 300
Aug 22 08:59:54: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
Aug 22 08:59:54: NHRP: Send Resolution Request via Tunnel78 vrf 0, packet size: 82
Aug 22 08:59:54: src: 10.0.78.3, dst: 10.0.78.1
Aug 22 08:59:54: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
Aug 22 08:59:54: shtl: 4(NSAP), sstl: 0(NSAP)
Aug 22 08:59:54: (M) flags: "router auth src-stable", reqid: 467
Aug 22 08:59:54: src NBMA: 172.16.4.58
Aug 22 08:59:54: src protocol: 10.0.78.3, dst protocol: 10.0.78.4
Aug 22 08:59:54: (C-1) code: no error(0)
Aug 22 08:59:54: prefix: 0, mtu: 1514, hd_time: 300
Aug 22 08:59:54: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
Aug 22 08:59:54: NHRP: Receive Resolution Reply via Tunnel0 vrf 0, packet size: 134
Aug 22 08:59:54: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
Aug 22 08:59:54: shtl: 4(NSAP), sstl: 0(NSAP)
Aug 22 08:59:54: (M) flags: "router auth dst-stable unique src-stable", reqid: 467
Aug 22 08:59:54: src NBMA: 172.16.4.58
Aug 22 08:59:54: src protocol: 10.0.78.3, dst protocol: 10.0.78.4
Aug 22 08:59:54: (C-1) code: no error(0)
Aug 22 08:59:54: prefix: 32, mtu: 1514, hd_time: 300
Aug 22 08:59:54: addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0
Aug 22 08:59:54: client NBMA: 172.16.1.122
Aug 22 08:59:54: client protocol: 10.0.78.4
Aug 22 08:59:54: NHRP: Send Error Indication via Tunnel78 vrf 0, packet size: 326
Aug 22 08:59:54: src: 10.0.78.3, dst: 10.0.78.4
Aug 22 08:59:54: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
Aug 22 08:59:54: shtl: 4(NSAP), sstl: 0(NSAP)
Aug 22 08:59:54: (M) error code: administratively prohibited(4), offset: 0
Aug 22 08:59:54: src NBMA: 172.16.4.58
Aug 22 08:59:54: src protocol: 10.0.78.3, dst protocol: 10.0.78.4
Aug 22 08:59:54: Contents of error packet:
Aug 22 08:59:54: 00 01 08 00 00 00 00 00 00 FF 00 86 36 7D 00 3C
Aug 22 08:59:54: 01 02 04 00 04 04 F8 02 00 00 01 D3 AC 10 04 3A
Aug 22 08:59:54: 0A 00 4E 03 0A 00 4E 04 00 20 00 00 05 EA 01 2C
Aug 22 08:59:54: 04 00 04 00 AC 10 01 7A 0A 00 4E 04 80 03 00 14
Aug 22 08:59:54: 00 00 00 00 05 EA 01 2C 04 00 04 00 AC 10 01 7A
Aug 22 08:59:54: NHRP: Send Error Indication via Tunnel78 vrf 0, packet size: 326
Aug 22 08:59:54: src: 10.0.78.3, dst: 10.0.78.1
Aug 22 08:59:54: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
Aug 22 08:59:54: shtl: 4(NSAP), sstl: 0(NSAP)
Aug 22 08:59:54: (M) error code: administratively prohibited(4), offset: 0
Aug 22 08:59:54: src NBMA: 172.16.4.58
Aug 22 08:59:54: src protocol: 10.0.78.3, dst protocol: 10.0.78.4
Aug 22 08:59:54: Contents of error packet:
Aug 22 08:59:54: 00 01 08 00 00 00 00 00 00 FF 00 86 36 7D 00 3C
Aug 22 08:59:54: 01 02 04 00 04 04 F8 02 00 00 01 D3 AC 10 04 3A
Aug 22 08:59:54: 0A 00 4E 03 0A 00 4E 04 00 20 00 00 05 EA 01 2C
Aug 22 08:59:54: 04 00 04 00 AC 10 01 7A 0A 00 4E 04 80 03 00 14
Aug 22 08:59:54: 00 00 00 00 05 EA 01 2C 04 00 04 00 AC 10 01 7A
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I would greatly appreciate your help. Why is it that the entries show incomplete after some short time?
Why is it happening only between one of the 1841s and the 871 (they are all running advipservices)...?
If you need additional information please ask, and thanks for reading the issue.
Regards
Wil
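Decoding the "Contents of error packet" bytes from the debug output above, as an added example that is not part of the original post: the function follows the RFC 2332 layout (20-byte fixed header, mandatory part, Client Information Entries) for IPv4 resolution packets. The names `decode_nhrp_resolution`, `ip4` and `ERROR_PACKET_HEX` belong to this example only.

```python
import ipaddress
import struct

# Bytes copied from the "Contents of error packet" lines in the debug output
# above. The dump stops after 80 bytes, so the trailing extension is cut short.
ERROR_PACKET_HEX = """
00 01 08 00 00 00 00 00 00 FF 00 86 36 7D 00 3C
01 02 04 00 04 04 F8 02 00 00 01 D3 AC 10 04 3A
0A 00 4E 03 0A 00 4E 04 00 20 00 00 05 EA 01 2C
04 00 04 00 AC 10 01 7A 0A 00 4E 04 80 03 00 14
00 00 00 00 05 EA 01 2C 04 00 04 00 AC 10 01 7A
"""
OP_NAMES = {1: "Resolution Request", 2: "Resolution Reply"}

def ip4(raw):
    """Dotted-quad for a 4-byte field, None for an absent (zero-length) one."""
    return str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else None

def decode_nhrp_resolution(hexdump):
    """Decode an IPv4 NHRP Resolution Request/Reply (RFC 2332 layout)."""
    pkt = bytes.fromhex(hexdump)
    if len(pkt) < 28:
        raise ValueError("too short for fixed header plus mandatory part")
    afn, pro, _snap, hops, pktsz, _csum, extoff, ver, op, shtl, sstl = \
        struct.unpack_from("!HH5sBHHHBBBB", pkt, 0)
    if (afn, pro) != (1, 0x0800) or op not in OP_NAMES:
        raise ValueError("only IPv4 resolution packets are handled")
    src_plen, dst_plen, flags, reqid = struct.unpack_from("!BBHI", pkt, 20)
    pos = 28
    def take(n):  # consume n bytes, refusing to read past the captured data
        nonlocal pos
        if pos + n > len(pkt):
            raise ValueError("field runs past end of dump")
        pos += n
        return pkt[pos - n:pos]
    src_nbma, _sub = take(shtl & 0x3F), take(sstl & 0x3F)
    src_proto, dst_proto = take(src_plen), take(dst_plen)
    cies = []
    while pos < (extoff or len(pkt)):  # CIEs end where extensions begin
        code, prefix, _u, mtu, hold, nl, sl, pl, _pref = struct.unpack(
            "!BBHHHBBBB", take(12))
        nbma, _sub, proto = take(nl & 0x3F), take(sl & 0x3F), take(pl)
        cies.append({"code": code, "prefix": prefix, "mtu": mtu,
                     "holdtime": hold, "nbma": ip4(nbma), "proto": ip4(proto)})
    return {"type": OP_NAMES[op], "hop": hops, "declared_size": pktsz,
            "captured": len(pkt), "reqid": reqid, "flags": flags,
            "src_nbma": ip4(src_nbma), "src_proto": ip4(src_proto),
            "dst_proto": ip4(dst_proto), "cies": cies}
```

On the posted bytes this returns a Resolution Reply with reqid 467 whose CIE maps 10.0.78.4 to NBMA 172.16.1.122, the same reply the debug logs as received via Tunnel0 immediately before the Error Indication is sent.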