[c-nsp] GRE tunnel problem

Wolfgang Roth Wolfgang.Roth at brave.de
Fri Jul 7 10:56:11 EDT 2006 

I have a strange GRE tunnel problem. We have two border routers in 
different locations which are directly connected with multiple serial 
links. The two routers speak BGP with different upstream providers.

There is a GRE tunnel configured between the two routers. If all serial 
links between the routers go down I want to connect the two routers using 
this GRE tunnel.

The routers can reach each other indepdently of the status of serial links. 
Our upstream provider assigned us IP addresses from their address space and 
statically route them to us. We use these addresses for the tunnel 
endpoints, so routing is idependant of our own AS and address space.

The problem is: If all serial links go down, the GRE tunnel line protocol 
also goes down. I don't understand why. Can anybody help?

Below you find some excerpts from the configurations and logs. What does 
'classify ... failed' exactly mean?


Wolfgang

Excerpt from configuration on router 1:

...
!
interface Loopback1
 ip address 1.2.3.4 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Tunnel0
 no ip address
 ip access-group 104 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip tcp adjust-mss 1436
 ntp disable
 keepalive 10 3
 tunnel source Loopback1
 tunnel destination 5.6.7.8
!
...

Excerpt from configuration on router 2:

...
!
interface Loopback1
 ip address 5.6.7.8 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Tunnel0
 no ip address
 ip access-group 104 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip tcp adjust-mss 1436
 ntp disable
 keepalive 10 3
 tunnel source Loopback1
 tunnel destination 1.2.3.4
!
...

'show interface Tunnel0' on router 1 when all serial links are up:

Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (10 sec), retries 3
  Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
  Tunnel TTL 255
  Checksumming of packets disabled,  fast tunneling enabled
  Last input 01:51:32, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     182597 packets input, 8764656 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     189878 packets output, 9114144 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

'show interface Tunnel0' on router 1 when all serial links are down:

Tunnel0 is up, line protocol is down
           ^^                   ^^^^
  Hardware is Tunnel
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (10 sec), retries 3
  Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
  Tunnel TTL 255
  Checksumming of packets disabled,  fast tunneling enabled
  Last input 00:00:09, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     180790 packets input, 8677920 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     188070 packets output, 9027360 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Excerpt from 'debug tunnel' on router 1 when all serial links are down:

Tunnel0: GRE/IP encapsulated 1.2.3.4->5.6.7.8 (linktype=7, len=48)
Tunnel0: GRE/IP classify 5.6.7.8->1.2.3.4 failed, tunnel down
                                          ^^^^^^^^^^^^^^^^^^^
Tunnel0: GRE/IP to decaps 5.6.7.8->1.2.3.4 (len=48 ttl=248)
Tunnel0: GRE decapsulated IP 1.2.3.4->5.6.7.8 (len=24, ttl=255)

More information about the cisco-nsp mailing list