[c-nsp] Mysterious GRE tunnel flap

Ziv Leyes zivl at gilat.net
Thu Jul 22 03:01:04 EDT 2010 

Can this be related to keepalive settings?
Do you have a keepalive line in your tunnel configuration? If you don't then it means it's defaultly set to 10 seconds, try to put "no keepalive"


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Quinn Kuzmich
Sent: Thursday, July 22, 2010 4:34 AM
To: Pete Lumbis
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Mysterious GRE tunnel flap

No drops of any kinds on the interfaces.  Any of the usual culprits (carrier
resets, IPs reassigned, routing bugaboos etc) do not seem to match this.  We
aren't seeing any hits with EIGRP at ths time this happens, and the
interfaces do not see any hits on the counters.  To make this stranger, it's
only ONE end of the tunnel going down.  The other side stays up.

Q

On Wed, Jul 21, 2010 at 7:24 PM, Pete Lumbis <alumbis at gmail.com> wrote:

> I would take a box you can log outputs on (like a linux host).
>
> From site A set up a script that every 5 seconds prints the time then pings
> (say 10 packets):
> the local LAN interface, the local WAN interface, local the GRE IP, the
> remote WAN interface, remote LAN interface, remote GRE IP and if possible a
> host on the far side.
>
> Set up the same thing from side B.
>
> See if there are any drops anywhere along the path.
>
> I've seen issues like this where the carrier refreshes the IP but the lease
> always stays the same, or a batch job runs and congests the interface or
> anything else that would run on that kind of timer.
>
> Do you see any drops or anything on the physical interfaces from either
> side?
>
> Good luck, these kinds of problems can be hard to nail down.
>
> -Pete
>
>
> On Wed, Jul 21, 2010 at 8:10 PM, Quinn Kuzmich <lostinmoscow at gmail.com>wrote:
>
>> I appreciate the reply - the tunne source locall is actually an HSRP
>> virtual
>> interface, and it never goes down according to what I'm seeing.  And as
>> far
>> as I can recall, we get no errors on the interface that is acting as the
>> active router.
>>
>> Q
>>
>> On Wed, Jul 21, 2010 at 6:00 PM, Graham Wooden <graham at g-rock.net> wrote:
>>
>> > I'll take a stab at this ... I think it's something physical at one of
>> the
>> > sites.  Does any of the two interfaces has their line protocol go down?
>> Can
>> > you access down the link, outside the tunnel, ie. Ping your next hop
>> during
>> > this?
>> >
>> > I had something similar happen with some collocated gear at a remote
>> site.
>> > Around the same time everynight, err counters on an interface would go
>> nuts
>> > for about 2 minutes. Lots of finger pointing between LEC and us. Well,
>> come
>> > to find out that the building's emergency lighting would be tested at
>> this
>> > time, and it's cable run ran next to our T1s for a short distance before
>> > going into our room.
>> >
>> > Long story short here is check the physical layer first!
>> >
>> > -graham
>> >
>> > On 7/21/10 1:17 PM, "Quinn Kuzmich" <lostinmoscow at gmail.com> wrote:
>> >
>> > > Ok, I have a problem that I'm hoping someone can help out with.  I
>> have
>> > two
>> > > 1841s seperated by a Metro-E WAN.  Over this is a GRE tunnel to route
>> > > multicast.  Every morning at 8AM EST, give or take 3 minutes, the
>> tunnel
>> > > will go down for about 30 seconds.  This happens every morning at this
>> > time,
>> > > there are no errors in EIGRP, nor on the WAN side (plenty of tickets
>> > opened
>> > > and we were watching the circuit when the flap happened, no dice) and
>> > we're
>> > > at a real loss.  Maybe a bug in the IOS?  An angry voodoo priest
>> > somewhere?
>> > >
>> > >
>> > > Ideas?  Thanks in advance!
>> > >
>> > > Q
>> > > _______________________________________________
>> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >
>> >
>> >
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************




 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************

More information about the cisco-nsp mailing list