[c-nsp] GRE tunnel problem

Bruce Pinsky bep at whack.org
Fri Jul 7 11:24:53 EDT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wolfgang Roth wrote:
> I have a strange GRE tunnel problem. We have two border routers in 
> different locations which are directly connected with multiple serial 
> links. The two routers speak BGP with different upstream providers.
> 
> There is a GRE tunnel configured between the two routers. If all serial 
> links between the routers go down I want to connect the two routers using 
> this GRE tunnel.
> 
> The routers can reach each other indepdently of the status of serial links. 
> Our upstream provider assigned us IP addresses from their address space and 
> statically route them to us. We use these addresses for the tunnel 
> endpoints, so routing is idependant of our own AS and address space.
> 
> The problem is: If all serial links go down, the GRE tunnel line protocol 
> also goes down. I don't understand why. Can anybody help?
> 
> Below you find some excerpts from the configurations and logs. What does 
> 'classify ... failed' exactly mean?
> 
> 
> Wolfgang
> 
> Excerpt from configuration on router 1:
> 
> ...
> !
> interface Loopback1
>  ip address 1.2.3.4 255.255.255.255
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
> !
> interface Tunnel0
>  no ip address
>  ip access-group 104 in
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip accounting access-violations
>  ip tcp adjust-mss 1436
>  ntp disable
>  keepalive 10 3
>  tunnel source Loopback1
>  tunnel destination 5.6.7.8
> !
> ...
> 
> Excerpt from configuration on router 2:
> 
> ...
> !
> interface Loopback1
>  ip address 5.6.7.8 255.255.255.255
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
> !
> interface Tunnel0
>  no ip address
>  ip access-group 104 in
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip accounting access-violations
>  ip tcp adjust-mss 1436
>  ntp disable
>  keepalive 10 3
>  tunnel source Loopback1
>  tunnel destination 1.2.3.4
> !
> ...
> 
> 'show interface Tunnel0' on router 1 when all serial links are up:
> 
> Tunnel0 is up, line protocol is up
>   Hardware is Tunnel
>   MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>      reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation TUNNEL, loopback not set
>   Keepalive set (10 sec), retries 3
>   Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
>   Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>   Tunnel TTL 255
>   Checksumming of packets disabled,  fast tunneling enabled
>   Last input 01:51:32, output 00:00:02, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
>   Queueing strategy: fifo
>   Output queue: 0/0 (size/max)
>   5 minute input rate 0 bits/sec, 0 packets/sec
>   5 minute output rate 0 bits/sec, 0 packets/sec
>      182597 packets input, 8764656 bytes, 0 no buffer
>      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>      189878 packets output, 9114144 bytes, 0 underruns
>      0 output errors, 0 collisions, 0 interface resets
>      0 output buffer failures, 0 output buffers swapped out
> 
> 'show interface Tunnel0' on router 1 when all serial links are down:
> 
> Tunnel0 is up, line protocol is down
>            ^^                   ^^^^
>   Hardware is Tunnel
>   MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>      reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation TUNNEL, loopback not set
>   Keepalive set (10 sec), retries 3
>   Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
>   Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>   Tunnel TTL 255
>   Checksumming of packets disabled,  fast tunneling enabled
>   Last input 00:00:09, output 00:00:05, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
>   Queueing strategy: fifo
>   Output queue: 0/0 (size/max)
>   5 minute input rate 0 bits/sec, 0 packets/sec
>   5 minute output rate 0 bits/sec, 0 packets/sec
>      180790 packets input, 8677920 bytes, 0 no buffer
>      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>      188070 packets output, 9027360 bytes, 0 underruns
>      0 output errors, 0 collisions, 0 interface resets
>      0 output buffer failures, 0 output buffers swapped out
> 
> Excerpt from 'debug tunnel' on router 1 when all serial links are down:
> 
> Tunnel0: GRE/IP encapsulated 1.2.3.4->5.6.7.8 (linktype=7, len=48)
> Tunnel0: GRE/IP classify 5.6.7.8->1.2.3.4 failed, tunnel down
>                                           ^^^^^^^^^^^^^^^^^^^
> Tunnel0: GRE/IP to decaps 5.6.7.8->1.2.3.4 (len=48 ttl=248)
> Tunnel0: GRE decapsulated IP 1.2.3.4->5.6.7.8 (len=24, ttl=255)

Your tunnel has no IP addresses assigned.  It therefore is unable to
forward IP packets.

When the serial interfaces are down, how are you directing (routing)
traffic over the tunnels without any valid nexthops?

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFErnzFE1XcgMgrtyYRAodiAJ0dR4OMJdY69BrkWnpJp7VpC8I/ywCg2uss
nMFQKPpGHMPE+4yA464zZTo=
=1G+M
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list