Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tracking a Tunnel interface for HSRP failover.

Hello all, i have a question. I saw a while back a way to use a TUNNEL interface to track an upstream IP address...and then track it in HSRP. Now the issue with that is that the tunnel will not go down if the interface that you configured on your tunnel source does not go down. I know i can do it with other means, but does anyone know how i would do this with a tunnel?

3 REPLIES
Hall of Fame Super Silver

Re: Tracking a Tunnel interface for HSRP failover.

Richard

With traditional implementation of GRE tunnels you are correct that it would not work to track them in HSRP. The issue is that as long as the router has a valid route to the tunnel remote end point it will declare the GRE tunnel as up up, even if something in the path is broken and there is no communication.

The good news is that there is a feature in recent releases of IOS that will help you with this. The new feature is tunnel keep-alive. You have the ability to configure this optional feature. If you enable the keep-alive feature, your router will send periodic keepalives. If it does not get a response to the keepalive for a certain amount of time the IOS will mark the tunnel interface protocol down. If the interface goes protocol down it will work for tracking in HSRP. (One of the neat things about it is that even if it is protocol down the router will continue to send keepalives, even though it will not send any other traffic.)

So I think this new feature will solve your issue.

I believe that there is also another option using Enhanced Object Tracking that could make HSRP track over a tunnel work, but I believe that the keepalive option is easier and better.

HTH

Rick

New Member

Re: Tracking a Tunnel interface for HSRP failover.

Thanks for the post. Im aware of keepalives on a GRE tunnels, but correct me if im wrong. The Keepalive function on a tunnel using GRE is a GRE keepalive, not an IP one. Meaning the other side would need to be configured with a tunnel and using Keepalives as well.

I am looking for a...one sided keepalive i suppose. The other side is not going to setup a tunnel with me as its going to be any host on the internet.

Or maybe im missunderstanding you, this command is "new" as in..how new? I know keepalives on the gre tunnels have been around since 12.2(8)T. I will look for a "tunnel keep-alive" command.

Here is a good overview of how the old process works.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008048cffc.shtml#backinfo

Like i said as i understand it, if the other side is not configured with a tunnel using GRE also, then the tunnel will go down and not come up (iv tested it) without the other side having a tunnel and keepalives.

Thanks again for the response.

Hall of Fame Super Silver

Re: Tracking a Tunnel interface for HSRP failover.

Richard

Perhaps I misunderstood your original question. When you asked about using a tunnel interface to track in HSRP I assumed that you had a tunnel interface to some other router and were looking for ways to track that interface for HSRP.

Your most recent response seems to indicate that the remote will not have a tunnel interface with you. If the remote does not have a GRE tunnel with you then certainly GRE tunnel with keepalive will not help you.

However if the remote does have a GRE tunnel to you, it is NOT necessary that they configure (or support) GRE keepalives. This is the one sided keepalive that you want. The link that you included is a good writeup and I quote from it:

It gives the ability for one side to originate and receive keepalive packets to and from a remote router even if the remote router does not support GRE keepalives.

So if the remote does have a GRE tunnel to you then I think we have a solution. If the remote does not have a GRE tunnel to you then please clarify the original question.

HTH

Rick

1427
Views
0
Helpful
3
Replies
CreatePlease login to create content