[c-nsp] GRE tunnels on 9k

Nick Cutting ncutting at edgetg.com
Mon Jun 26 15:47:39 EDT 2017 

It works all the time now nexus 93108-EX
– I think we just disabled the “feature tunnel “then re-enabled it.

I was testing with an ISR on the same links with no issues.

What I am missing is Traceroute hops from the tunnel interfaces.  This is for both UDP and ICMP traceroutes.
Both the ICMP TTL messages and the port unreachable messages are enabled everywhere in the transit path – as well as under the tunnel interfaces.

Any ideas?

Simple tunnel:

interface Tunnel172
  ip address 10.17.0.1/30
  ip unreachables
  ip ospf network point-to-point
  no ip ospf passive-interface
  ip router ospf 200 area 0.0.0.0
  tunnel source xx.xx.xx.xx
  tunnel destination xx.xx.xx.xx
  mtu 9000
  bandwidth 100000
  no shutdown

From: Arie Vayner [mailto:ariev at vayner.net]
Sent: Monday, June 26, 2017 10:42 AM
To: Nick Cutting <ncutting at edgetg.com>; cisco-nsp (cisco-nsp at puck.nether.net) <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] GRE tunnels on 9k


Can you try and define what was different during the 10% of the tests that worked?
When it doesn't work, what exactly doesn't work?
Maybe share a few config examples and how you test if it works or doesn't work...

On Tue, Jun 20, 2017, 06:27 Nick Cutting <ncutting at edgetg.com<mailto:ncutting at edgetg.com>> wrote:
Sorry - I mean nexus 9k, rather than ASR9000
And the ASr920 tunnels were ASR - ASR, not ASR -> nexus

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net<mailto:cisco-nsp-bounces at puck.nether.net>] On Behalf Of Nick Cutting
Sent: Tuesday, June 20, 2017 9:25 AM
To: cisco-nsp (cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>) <cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>>
Subject: [c-nsp] GRE tunnels on 9k

Good morning,

I am having some really crazy results when testing GRE tunnels on nexus 9k's.

They seem to work about 10 percent of the time.
I am going a little mad thinking about where the stars and planets were when these tunnels worked.

This is with the source and destination in the global table, and testing the tunnel IP, both in a VRF and in the global table.
This has been tested using both loopbacks as a source, and the outgoing interfaces.  Although I want to use loopbacks as we are using L3 multi-path.
I have searched the bug database I don't see anything strange . going to hit up TAC.  Tunnels over the same links on a terminated on ASR920 work fine.

Has anyone had any good / bad experiences with tunnels on the 9k?

Thank you,
nick
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
archive at http://puck.nether.net/pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
archive at http://puck.nether.net/pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>

More information about the cisco-nsp mailing list