[c-nsp] GRE Tunnels and vrfs
Ian Dickinson
ian.dickinson at pipex.net
Sun Sep 12 17:34:01 EDT 2004
Gert Doering wrote:
>We managed to build a setup where certain packets would loop (aggregate
>routed statically into the tunnel, but not all individual routes were
>known on the B end, so the packets came back via the tunnel due to a
>default route inside the VRF), and that drove CPU to 90% for hours...
I saw this when routes disappeared on the B end due to circuit
failure, whilst the A end still had a static to B. Adding a high
admin distance Null0 static on the B end sorted this, as would
have adding an ACL or uRPF to the Tunnel on the A end. You're
right that routers don't like loops over GRE very much.
Ian
More information about the cisco-nsp
mailing list