[c-nsp] GRE tunnel problem

Fri Jul 7 12:22:00 EDT 2006

Cisco 2511-RJ will be good for this purpose.
It will have 16 Async port with RJ45 female connectors plus Console 
port, AUX port plus Ethernet/Serial port.
You can reuse Cisco console cable with RJ45 connector. ^.^

Hyun

Bruce Pinsky wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Wolfgang Roth wrote:
>> I have a strange GRE tunnel problem. We have two border routers in 
>> different locations which are directly connected with multiple serial 
>> links. The two routers speak BGP with different upstream providers.
>>
>> There is a GRE tunnel configured between the two routers. If all serial 
>> links between the routers go down I want to connect the two routers using 
>> this GRE tunnel.
>>
>> The routers can reach each other indepdently of the status of serial links. 
>> Our upstream provider assigned us IP addresses from their address space and 
>> statically route them to us. We use these addresses for the tunnel 
>> endpoints, so routing is idependant of our own AS and address space.
>>
>> The problem is: If all serial links go down, the GRE tunnel line protocol 
>> also goes down. I don't understand why. Can anybody help?
>>
>> Below you find some excerpts from the configurations and logs. What does 
>> 'classify ... failed' exactly mean?
>>
>>
>> Wolfgang
>>
>> Excerpt from configuration on router 1:
>>
>> ...
>> !
>> interface Loopback1
>>  ip address 1.2.3.4 255.255.255.255
>>  no ip redirects
>>  no ip unreachables
>>  no ip proxy-arp
>> !
>> interface Tunnel0
>>  no ip address
>>  ip access-group 104 in
>>  no ip redirects
>>  no ip unreachables
>>  no ip proxy-arp
>>  ip accounting access-violations
>>  ip tcp adjust-mss 1436
>>  ntp disable
>>  keepalive 10 3
>>  tunnel source Loopback1
>>  tunnel destination 5.6.7.8
>> !
>> ...
>>
>> Excerpt from configuration on router 2:
>>
>> ...
>> !
>> interface Loopback1
>>  ip address 5.6.7.8 255.255.255.255
>>  no ip redirects
>>  no ip unreachables
>>  no ip proxy-arp
>> !
>> interface Tunnel0
>>  no ip address
>>  ip access-group 104 in
>>  no ip redirects
>>  no ip unreachables
>>  no ip proxy-arp
>>  ip accounting access-violations
>>  ip tcp adjust-mss 1436
>>  ntp disable
>>  keepalive 10 3
>>  tunnel source Loopback1
>>  tunnel destination 1.2.3.4
>> !
>> ...
>>
>> 'show interface Tunnel0' on router 1 when all serial links are up:
>>
>> Tunnel0 is up, line protocol is up
>>   Hardware is Tunnel
>>   MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>>      reliability 255/255, txload 1/255, rxload 1/255
>>   Encapsulation TUNNEL, loopback not set
>>   Keepalive set (10 sec), retries 3
>>   Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
>>   Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>>   Tunnel TTL 255
>>   Checksumming of packets disabled,  fast tunneling enabled
>>   Last input 01:51:32, output 00:00:02, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
>>   Queueing strategy: fifo
>>   Output queue: 0/0 (size/max)
>>   5 minute input rate 0 bits/sec, 0 packets/sec
>>   5 minute output rate 0 bits/sec, 0 packets/sec
>>      182597 packets input, 8764656 bytes, 0 no buffer
>>      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>>      189878 packets output, 9114144 bytes, 0 underruns
>>      0 output errors, 0 collisions, 0 interface resets
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> 'show interface Tunnel0' on router 1 when all serial links are down:
>>
>> Tunnel0 is up, line protocol is down
>>            ^^                   ^^^^
>>   Hardware is Tunnel
>>   MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>>      reliability 255/255, txload 1/255, rxload 1/255
>>   Encapsulation TUNNEL, loopback not set
>>   Keepalive set (10 sec), retries 3
>>   Tunnel source 1.2.3.4 (Loopback1), destination 5.6.7.8
>>   Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>>   Tunnel TTL 255
>>   Checksumming of packets disabled,  fast tunneling enabled
>>   Last input 00:00:09, output 00:00:05, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 8
>>   Queueing strategy: fifo
>>   Output queue: 0/0 (size/max)
>>   5 minute input rate 0 bits/sec, 0 packets/sec
>>   5 minute output rate 0 bits/sec, 0 packets/sec
>>      180790 packets input, 8677920 bytes, 0 no buffer
>>      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>>      188070 packets output, 9027360 bytes, 0 underruns
>>      0 output errors, 0 collisions, 0 interface resets
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> Excerpt from 'debug tunnel' on router 1 when all serial links are down:
>>
>> Tunnel0: GRE/IP encapsulated 1.2.3.4->5.6.7.8 (linktype=7, len=48)
>> Tunnel0: GRE/IP classify 5.6.7.8->1.2.3.4 failed, tunnel down
>>                                           ^^^^^^^^^^^^^^^^^^^
>> Tunnel0: GRE/IP to decaps 5.6.7.8->1.2.3.4 (len=48 ttl=248)
>> Tunnel0: GRE decapsulated IP 1.2.3.4->5.6.7.8 (len=24, ttl=255)
> 
> Your tunnel has no IP addresses assigned.  It therefore is unable to
> forward IP packets.
> 
> When the serial interfaces are down, how are you directing (routing)
> traffic over the tunnels without any valid nexthops?
> 
> - --
> =========
> bep
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFErnzFE1XcgMgrtyYRAodiAJ0dR4OMJdY69BrkWnpJp7VpC8I/ywCg2uss
> nMFQKPpGHMPE+4yA464zZTo=
> =1G+M
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 