[c-nsp] GRE Tunnels and vrfs
Gert Doering
gert at greenie.muc.de
Sun Sep 12 12:02:33 EDT 2004
Hi,
On Sun, Sep 12, 2004 at 09:51:25AM +0300, Mihai CHELARU wrote:
> Gert Doering wrote:
>
> >>Question 2: Why is this setup working after I disable CEF ?
> >
> >How exactly is this "not working" with CEF?
> tcpdump shows that nothing is routed through this tunnel so packets are
> just black-holed. I checked the routes in RIB and they appear to be OK.
> A simple 'no ip cef' solves it. I think I'll update IOS these days and
> see how it does ;/
OK, this is certainly not the way it should be.
I can't say which bug this is, but I can say for sure that it works
the way you intended it on 3640 with 12.3(6a)... (modulo CEF TTL bug).
> >There are lots of funny bugs in GRE tunneling with CEF regarding TTL
> >decrementation (TTL not being decrement -> router not visible in
> >traceroute, and worse, if you have a loop, the packet will loop forever,
> >burning CPU like mad).
>
> Yes, I saw this too on other tunnels that I use but it's not so disturbing.
If you can make sure that packets won't loop, it's just a nuisance.
We managed to build a setup where certain packets would loop (aggregate
routed statically into the tunnel, but not all individual routes were
known on the B end, so the packets came back via the tunnel due to a
default route inside the VRF), and that drove CPU to 90% for hours...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list