[nsp] weird gre tunnel...

James haesu at towardex.com
Mon Apr 19 00:34:42 EDT 2004 

This is old post... But I am following up b/c a few people had asked me
off-list back in the time to let them know if I figure out whats going on
as they experienced the same problem. (Below is the original post in quotes)

Although the reason why this was happening was never figured out at the time,
few very helpful people on this list suggested that Cisco router may not be
decrementing the TTL in the ip header of the ingress gre packet, or worse,
may even reset the TTL. But we couldn't figure out if it was really the Cisco
doing it or the FreeBSD box on the other end doing it..

Anyway... I just ran into same problem again between a Cisco 2610 router and
a Juniper box, last Friday.

And I found out that when you turn OFF cef on the Cisco, the TTL problem
with the gre tunnel immediately goes away, and the hidden hop in the
traceroute now shows up as expected.. So it appears cef implementation
on the IOS versions I tried (12.0.25S1 on 7500, 12.2(17a) on 2610) has a
bug or anamolgy that causes it to not decrement the TTL on gre tunnels..

Anyhow.. thought i should do what I promised and share the info on conclusion.
Thanks!

-J

On Sat, Sep 27, 2003 at 04:09:22PM -0400, Haesu wrote:
> Hi,
> 
> I got a 7500 running IOS 12.0.25S1..
> 
> It has GRE tunnel with some routes pointed to it..
> 
> Before I installed IOS 12.0.25S1 (it had non-serviceprovider version before),
> whenever I traceroute to certain destination going thru the GRE tunnel, the router
> at the other end of the tunnel always shows up in traceroute, which is normal.
> 
> For example:
> 1. my-7500-router
> 2. remote-router-on-the-other-end-of-the-tunnel
> 3. some-router
> 4. destination-host
> 
> After I installed 12.0.25S1 on that 7500, now I am seeing somewhat weird problem..
> The hop 2, which is the remote router on the other end of the GRE tunnel no longer
> shows up in traceroute... It now looks like this:
> 1. my-7500-router
> 2. some-router
> 3. destination-host
> 
> Any idea what is happening with the way GRE tunnels are behaving under 12.0.25S1?
> Is this a bug with the version I have or is there a special setting I have to use?
> The hop right after the tunnel being skipped in traceroute or other layer3 queries
> quite bothers me..
> 
> Thanks,
> -hc
> 
> -- 
> Haesu C.
> TowardEX Technologies, Inc.
> Consulting, colocation, web hosting, network design and implementation
> http://www.towardex.com | haesu at towardex.com
> Cell: (978)394-2867     | Office: (978)263-3399 Ext. 174
> Fax: (978)263-0033      | POC: HAESU-ARIN
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james at towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net

More information about the cisco-nsp mailing list