Solved: Tunnel0 temporarily disabled due to recursive routing

alex.dersch · ‎03-12-2012

Hello,

i'm having a problem with GRE Tunnel in a RIP network. I believe the distribution list is not working which causes recursive routing. i have two switches connected through a RIP enabled network. Any idea how i can debug if the distribution list is working?

thanks

alex

Here is config from switch 1

interface Tunnel0

ip address 10.34.0.9 255.255.255.0

tunnel source Loopback0

tunnel destination 150.1.10.10

!

interface Loopback0

ip address 150.1.9.9 255.255.255.0

router rip

version 2

network 10.0.0.0

network 150.1.0.0

network 155.1.0.0

distribute-list prefix STOP_RECURSIVE_ERROR out Tunnel0

no auto-summary

!

ip classless

ip route 172.16.0.10 255.255.255.255 Tunnel0

!

ip prefix-list STOP_RECURSIVE_ERROR seq 5 deny 150.1.9.0/24

ip prefix-list STOP_RECURSIVE_ERROR seq 10 permit 0.0.0.0/0 le 32

and here is the config from switch 2

interface Tunnel0

ip address 10.34.0.10 255.255.255.0

tunnel source Loopback0

tunnel destination 150.1.9.9

!

interface Loopback0

ip address 150.1.10.10 255.255.255.0

!

router rip

version 2

network 10.0.0.0

network 150.1.0.0

network 155.1.0.0

distribute-list prefix STOP_RECURSIVE_ERROR in Tunnel0

no auto-summary

!

ip classless

ip route 172.16.0.9 255.255.255.255 Tunnel0

!

ip prefix-list STOP_RECURSIVE_ERROR seq 5 deny 150.1.10.0/24

ip prefix-list STOP_RECURSIVE_ERROR seq 10 permit 0.0.0.0/0 le 32

Peter Paluch · ‎03-12-2012

Alex,

The debug you have attached shows that the Rack1SW3 receives a route 150.1.0.0/16. This is interesting - as you are using /24 subnets of this network on your loopbacks, receiving it would suggest a presence of some automatic summarization somewhere. According to the configuration snippet you have provided, the endpoints of your GRE tunnel have the automatic summarization deactivated but I still wonder - is it properly deactivated on each and every RIP router in your network?

In the meantime, I would suggest correcting the prefix list so that it denies all subnets of 150.1.0.0/16 to be advertised via the Tunnel interface, as follows:

ip prefix-list STOP_RECURSIVE_ERROR seq 5 deny 150.1.0.0/16 le 32

ip prefix-list STOP_RECURSIVE_ERROR seq 10 permit 0.0.0.0/0 le 32

Can you replace the prefix list on both your switches with this reformulation?

Best regards,

Peter

View solution in original post

Peter Paluch · ‎03-12-2012

Hello Alex,

On Switch 2, the distribute list is applied in a wrong direction - it should be used in the out direction. Please try to remove the existing command

distribute-list prefix STOP_RECURSIVE_ERROR in Tunnel0

and replace it with

distribute-list prefix STOP_RECURSIVE_ERROR out Tunnel0

Best regards,

Peter

alex.dersch · ‎03-12-2012

Hi Peter,

i changed it, now i have on both sides this RIP Config. But still the same problem.

router rip

version 2

network 10.0.0.0

network 150.1.0.0

network 155.1.0.0

distribute-list prefix STOP_RECURSIVE_ERROR out Tunnel0

no auto-summary

regards

alex

Peter Paluch · ‎03-12-2012

Hi Alex,

Can you please quote the exact error message as displayed on your console? Also, would you mind running the debug ip rip command on your router and sending the results here?

Best regards,

Peter

alex.dersch · ‎03-12-2012

Hi Peter,

the log is attached. The error message is

*Mar 3 00:49:36.514: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up

Rack1SW3#

*Mar 3 00:49:45.515: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

*Mar 3 00:49:46.522: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

Rack1SW3#

regards and thanks for having a look at it.

alex

Peter Paluch · ‎03-12-2012

Alex,

The debug you have attached shows that the Rack1SW3 receives a route 150.1.0.0/16. This is interesting - as you are using /24 subnets of this network on your loopbacks, receiving it would suggest a presence of some automatic summarization somewhere. According to the configuration snippet you have provided, the endpoints of your GRE tunnel have the automatic summarization deactivated but I still wonder - is it properly deactivated on each and every RIP router in your network?

In the meantime, I would suggest correcting the prefix list so that it denies all subnets of 150.1.0.0/16 to be advertised via the Tunnel interface, as follows:

ip prefix-list STOP_RECURSIVE_ERROR seq 5 deny 150.1.0.0/16 le 32

ip prefix-list STOP_RECURSIVE_ERROR seq 10 permit 0.0.0.0/0 le 32

Can you replace the prefix list on both your switches with this reformulation?

Best regards,

Peter

alex.dersch · ‎03-12-2012

Hi Peter,

thanks for hint with the summarization. The problem was a wrong rip configuration an one of the other devices. no auto-summary was missing. After applying the missing configuration the tunnel came up as expected.

thanks for helping me

regards

alex

Peter Paluch · ‎03-12-2012

Hi Alex,

It was a pleasure. Thank you for the generous rating!

Best regards,

Peter