[c-nsp] Mysterious tunnel interfaces
Jay Nakamura
zeusdadog at gmail.com
Thu Aug 12 13:53:51 EDT 2010
No HIMI. Other than DMVPN, ZBFW, IOS content filtering, there is
nothing special going on here. One T1 WIC, that's about it.
On Thu, Aug 12, 2010 at 1:48 PM, Matlock, Kenneth L
<MatlockK at exempla.org> wrote:
> Do you have any HIMI connections between the router, and a switchblade?
>
> Ken Matlock
> Network Analyst
> Exempla Healthcare
> (303) 467-4671
> matlockk at exempla.org
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jay Nakamura
> Sent: Thursday, August 12, 2010 11:35 AM
> To: cisco-nsp
> Subject: Re: [c-nsp] Mysterious tunnel interfaces
>
> Mystery deepens.
>
> Router#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Router(config)#int tun0
> % This interface cannot be modified
> Router(config)#no int tun0
> % This interface cannot be modified
> Router(config)#int tun2
> % This interface cannot be modified
> Router(config)#int tun3
> % This interface cannot be modified
> Router(config)#^Z
> Router#sh ip pim tunnel
>
> Router#
>
> Nothing in "show run all" for these interfaces.
>
> I don't have multicast configured, or at least I haven't actively
> configured anything for it. I haven't really had to do anything with
> Multicast so I am not familiar with it.
>
> I do have IOS content filtering installed/configured but I don't think
> that will do this.
>
> I do have ZBFW configured.
>
> I do not have VRF on this router.
>
> Here are some outputs of the interfaces
>
> Router#sh int tunn0
> Tunnel0 is up, line protocol is up
> Hardware is Tunnel
> Interface is unnumbered. Using address of Tunnel2 (172.16.0.1)
> MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
> reliability 255/255, txload 81/255, rxload 1/255
> Encapsulation TUNNEL, loopback not set
> Keepalive not set
> Tunnel source 172.19.128.31
> Tunnel protocol/transport multi-GRE/IP
> Key disabled, sequencing disabled
> Checksumming of packets disabled
> Tunnel TTL 255, Fast tunneling enabled
> Tunnel transport MTU 1472 bytes
> Tunnel transmit bandwidth 8000 (kbps)
> Tunnel receive bandwidth 8000 (kbps)
> Last input never, output 17:22:42, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/0 (size/max)
> 5 minute input rate 0 bits/sec, 0 packets/sec
> 5 minute output rate 32000 bits/sec, 2 packets/sec
> 0 packets input, 0 bytes, 0 no buffer
> Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 95997 packets output, 26708838 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 unknown protocol drops
> 0 output buffer failures, 0 output buffers swapped out
> Router#sh int tunn2
> Tunnel2 is up, line protocol is up
> Hardware is Tunnel
> Internet address is 172.16.0.1/16
> MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
> reliability 255/255, txload 1/255, rxload 1/255
> Encapsulation TUNNEL, loopback not set
> Keepalive not set
> Tunnel source 172.16.0.1
> Tunnel protocol/transport multi-GRE/IP
> Key disabled, sequencing disabled
> Checksumming of packets disabled
> Tunnel TTL 255, Fast tunneling enabled
> Tunnel transport MTU 1476 bytes
> Tunnel transmit bandwidth 8000 (kbps)
> Tunnel receive bandwidth 8000 (kbps)
> Last input never, output never, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/0 (size/max)
> 5 minute input rate 0 bits/sec, 0 packets/sec
> 5 minute output rate 0 bits/sec, 0 packets/sec
> 0 packets input, 0 bytes, 0 no buffer
> Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 0 packets output, 0 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 unknown protocol drops
> 0 output buffer failures, 0 output buffers swapped out
> Router#sh int tunn3
> Tunnel3 is up, line protocol is up
> Hardware is Tunnel
> Interface is unnumbered. Using address of Tunnel2 (172.16.0.1)
> MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
> reliability 255/255, txload 7/255, rxload 1/255
> Encapsulation TUNNEL, loopback not set
> Keepalive not set
> Tunnel source 172.19.128.31
> Tunnel protocol/transport multi-GRE/IP
> Key disabled, sequencing disabled
> Checksumming of packets disabled
> Tunnel TTL 255, Fast tunneling enabled
> Tunnel transport MTU 1472 bytes
> Tunnel transmit bandwidth 8000 (kbps)
> Tunnel receive bandwidth 8000 (kbps)
> Last input never, output 05:17:13, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/0 (size/max)
> 5 minute input rate 0 bits/sec, 0 packets/sec
> 5 minute output rate 3000 bits/sec, 2 packets/sec
> 0 packets input, 0 bytes, 0 no buffer
> Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 111685 packets output, 18723536 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 unknown protocol drops
> 0 output buffer failures, 0 output buffers swapped out
> Router#sh ip int tun0
> Tunnel0 is up, line protocol is up
> Interface is unnumbered. Using address of Tunnel2 (172.16.0.1)
> Broadcast address is 255.255.255.255
> MTU is 17856 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled
> Outgoing access list is not set
> Inbound access list is not set
> Proxy ARP is enabled
> Local Proxy ARP is disabled
> Security level is default
> Split horizon is enabled
> ICMP redirects are never sent
> ICMP unreachables are always sent
> ICMP mask replies are never sent
> IP fast switching is enabled
> IP fast switching on the same interface is disabled
> IP Flow switching is disabled
> IP CEF switching is enabled
> IP CEF switching turbo vector
> IP Null turbo vector
> VPN Routing/Forwarding "tunnel-group-ivrf"
> Downstream VPN Routing/Forwarding ""
> IP multicast fast switching is enabled
> IP multicast distributed fast switching is disabled
> IP route-cache flags are Fast, CEF
> Router Discovery is disabled
> IP output packet accounting is disabled
> IP access violation accounting is disabled
> TCP/IP header compression is disabled
> RTP/IP header compression is disabled
> Policy routing is disabled
> Network address translation is disabled
> BGP Policy Mapping is disabled
> Input features: MCI Check
> Output features: CCE Post NAT Classification, Firewall (firewall component)
> WCCP Redirect outbound is disabled
> WCCP Redirect inbound is disabled
> WCCP Redirect exclude is disabled
> Router#sh ip int tun2
> Tunnel2 is up, line protocol is up
> Internet address is 172.16.0.1/16
> Broadcast address is 255.255.255.255
> Address determined by unknown means
> MTU is 1476 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled
> Outgoing access list is not set
> Inbound access list is not set
> Proxy ARP is enabled
> Local Proxy ARP is disabled
> Security level is default
> Split horizon is enabled
> ICMP redirects are never sent
> ICMP unreachables are always sent
> ICMP mask replies are never sent
> IP fast switching is enabled
> IP fast switching on the same interface is disabled
> IP Flow switching is disabled
> IP CEF switching is enabled
> IP CEF switching turbo vector
> IP Null turbo vector
> VPN Routing/Forwarding "tunnel-group-ivrf"
> Downstream VPN Routing/Forwarding ""
> Tunnel VPN Routing/Forwarding "tunnel-group-ivrf"
> IP multicast fast switching is enabled
> IP multicast distributed fast switching is disabled
> IP route-cache flags are Fast, CEF
> Router Discovery is disabled
> IP output packet accounting is disabled
> IP access violation accounting is disabled
> TCP/IP header compression is disabled
> RTP/IP header compression is disabled
> Policy routing is disabled
> Network address translation is disabled
> BGP Policy Mapping is disabled
> Input features: MCI Check
> Output features: CCE Post NAT Classification, Firewall (firewall component)
> WCCP Redirect outbound is disabled
> WCCP Redirect inbound is disabled
> WCCP Redirect exclude is disabled
> Router#sh ip int tun3
> Tunnel3 is up, line protocol is up
> Interface is unnumbered. Using address of Tunnel2 (172.16.0.1)
> Broadcast address is 255.255.255.255
> MTU is 17856 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled
> Outgoing access list is not set
> Inbound access list is not set
> Proxy ARP is enabled
> Local Proxy ARP is disabled
> Security level is default
> Split horizon is enabled
> ICMP redirects are never sent
> ICMP unreachables are always sent
> ICMP mask replies are never sent
> IP fast switching is enabled
> IP fast switching on the same interface is disabled
> IP Flow switching is disabled
> IP CEF switching is enabled
> IP CEF switching turbo vector
> IP Null turbo vector
> VPN Routing/Forwarding "tunnel-group-ivrf"
> Downstream VPN Routing/Forwarding ""
> IP multicast fast switching is enabled
> IP multicast distributed fast switching is disabled
> IP route-cache flags are Fast, CEF
> Router Discovery is disabled
> IP output packet accounting is disabled
> IP access violation accounting is disabled
> TCP/IP header compression is disabled
> RTP/IP header compression is disabled
> Policy routing is disabled
> Network address translation is disabled
> BGP Policy Mapping is disabled
> Input features: MCI Check
> Output features: CCE Post NAT Classification, Firewall (firewall component)
> WCCP Redirect outbound is disabled
> WCCP Redirect inbound is disabled
> WCCP Redirect exclude is disabled
>
>
>
>
> On Thu, Aug 12, 2010 at 9:39 AM, Luan Nguyen <luan at netcraftsmen.net> wrote:
>> I have those ISR2 (M1) as well as ASR1002 running DMVPN and don't have those
>> ghost tunnels. Must be for some other services such as multicast.
>> Try to remove them with no interface tunnel 0, and I think the router will
>> tell you why you couldn't.
>>
>> Regards,
>>
>> -Luan
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jay Nakamura
>> Sent: Wednesday, August 11, 2010 8:53 PM
>> To: cisco-nsp
>> Subject: [c-nsp] Mysterious tunnel interfaces
>>
>> I was working on a ISR 1941 with 15.0(1)M2. I am running DMVPN on it
>> and using one tunnel interface. (Tunnel 1). No other tunnel
>> interfaces are configured on the router. However when I do "show int
>> summary" I get this;
>>
>> #sh int summary
>>
>> *: interface is up
>> IHQ: pkts in input hold queue IQD: pkts dropped from input queue
>> OHQ: pkts in output hold queue OQD: pkts dropped from output queue
>> RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
>> TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
>> TRTL: throttle count
>>
>> Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
>> ------------------------------------------------------------------------
>> * GigabitEthernet0/0 0 0 0 0 6000 5 6000 5 0
>> GigabitEthernet0/1 0 0 0 0 0 0 0 0 0
>> * Serial0/0/0 0 0 0 0 3000 3 2000 2 0
>> NVI0 0 0 0 0 0 0 0 0 0
>> * Tunnel0 0 0 0 0 0 0 0 0 0
>> * Tunnel1 0 0 0 10 1000 2 1000 2 0
>> * Tunnel2 0 0 0 0 0 0 0 0 0
>> * Tunnel3 0 0 0 0 0 0 0 0 0
>>
>> I thought may be something got left behind while I was monkeying
>> around in it so I reloaded the router and the tunnel 0,2,3 are still
>> there and it says it's up. None of those interfaces are in the
>> startup or running-config.
>>
>> What is going on here? My other routers with similar config on a 1841
>> with 12.4(15)T* doesn't have this issue. It doesn't seem to be
>> affecting the routing of traffic but it's really bothering me.
>>
>> -Jay
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 5358 (20100811) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 5358 (20100811) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 5360 (20100812) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 5360 (20100812) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list