Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Random EIGRP neighborship flap between two beers throug tunnel interface

Dears,

I'm experincing an issue between two sites connected through an ISP , we have an IPSEC tunnel between these two sites and we are seeing a random EIGRP flap as follows:

Dec 15 20:54:57 JO: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.2.19 (Tunnel0) is down: holding time expired

Dec 15 20:55:29 JO: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.2.19 (Tunnel0) is up: new adjacency

I see some output drops on the tunnel interfaces but i'm not sure if they are related or not :

Tunnel1 is up, line protocol is up

  Hardware is Tunnel

  Description: "DR --> P2P GRE"

  Internet address is 172.16.3.1/30

  MTU 1514 bytes, BW 100000 Kbit/sec, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 172.16.4.1 (Loopback0), destination 172.16.4.3

  Tunnel protocol/transport GRE/IP

.

.

  Last clearing of "show interface" counters 1d02h

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 143 >>>>>>>>>>>>>

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 481000 bits/sec, 116 packets/sec

  5 minute output rate 601000 bits/sec, 118 packets/sec

  The configuration is like the folowing:

Site 1:

interface Tunnel1

description "DR --> P2P GRE"

bandwidth 100000

ip address 172.16.3.1 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

cdp enable

tunnel source Loopback0

tunnel destination 172.16.4.3

tunnel key 4

tunnel protection ipsec profile vpn-dmvpn shared

Site 2:

interface Tunnel1

description Connection to HQ1 --> P2P GRE

bandwidth 100000

ip address 172.16.3.2 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

tunnel source Loopback0

tunnel destination 172.16.4.1

tunnel key 4

tunnel protection ipsec profile vpn-dmvpn shared

I have some doubts that the issue is from the ISP site but i'm not able to confirm that , is there any way to confirm what are the packets being dropped on the tunnel interface ?and how to get rid of them ? is there any other reason that could cause such a problem ?

Best Regards,

Ahmad.

Everyone's tags (2)
238
Views
0
Helpful
0
Replies
CreatePlease login to create content