[c-nsp] Mysterious GRE tunnel flap
Ziv Leyes
zivl at gilat.net
Sun Jul 25 02:26:43 EDT 2010
I'll take a wild guess here.
Since you're sourcing the tunnel with the HSRP IP, and you don't have a standby priority set, it means that there is another device "competing" for the IP address. Could it be that for some strange reason the HSRP is fluctuating between them and this causes the tunnel to be unstable?
Can you check the HSRP events and see what happens?
Also, as I said, try to take off the keepalive on the tunnel and set a higher standby priority to one of the devices, just to see if it helps.
HTH
Ziv
From: Quinn Kuzmich [mailto:lostinmoscow at gmail.com]
Sent: Thursday, July 22, 2010 7:08 PM
To: Gert Doering
Cc: Ziv Leyes; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Mysterious GRE tunnel flap
Ok, here's the config for one of the two routers - they have the same basic HSRP config so if one is wrong, so is the other. Remember, the other end of the tunnel is NOT exhibiting the problem at all.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rem16-miramar-r2
!
boot-start-marker
boot-end-marker
!
logging count
logging message-counter syslog
logging buffered 51200
no logging console
!
no aaa new-model
ip source-route
!
!
!
!
no ip cef
ip domain lookup source-interface FastEthernet0/0
ip domain name cell2.psap.bc.local
ip multicast-routing
no ipv6 cef
ntp server 10.3.0.1
multilink bundle-name authenticated
!
!
archive
 log config
  hidekeys
!
!
ip tftp source-interface FastEthernet0/0
!
track 1 interface Serial0/1/0 ip routing
!
!
!
!
interface Tunnel16
 description *** TUNNEL FOR VSS 16 (Multicast only) ***
 ip address 10.250.16.1 255.255.255.252
 ip pim query-interval 1
 ip pim state-refresh origination-interval 4
 ip pim dense-mode
 ip tcp adjust-mss 1436
 no ip mroute-cache
 keepalive 1 1
 tunnel source 10.16.15.254
 tunnel destination 10.3.15.254
!
interface FastEthernet0/0
 description *** BACKROOM ***
 ip address 10.16.15.252 255.255.240.0
 ip access-group 100 out
 ip helper-address 10.3.0.1
 ip pim dr-priority 255
 ip pim query-interval 1
 ip pim state-refresh origination-interval 4
 ip pim dense-mode
 no ip mroute-cache
 speed 100
 full-duplex
 keepalive 1
 standby delay minimum 45 reload 60
 standby 1 ip 10.16.15.254
 standby 1 timers 1 3
 standby 1 preempt delay minimum 15 reload 15 sync 15
 standby 1 track Serial0/1/0
!
interface FastEthernet0/1
 description *** CROSSOVER R2 R1 ***
 ip address 10.252.216.2 255.255.255.0
 ip hello-interval eigrp 2604 1
 ip hold-time eigrp 2604 2
 speed 100
 full-duplex
 keepalive 1
!
interface Serial0/1/0
 ip address 10.252.16.2 255.255.255.252
 ip hello-interval eigrp 2604 1
 ip hold-time eigrp 2604 3
 keepalive 4
 no fair-queue
 service-module t1 timeslots 1-24
!
router eigrp 2604
 passive-interface FastEthernet0/0
 network 10.16.0.0 0.0.15.255
 network 10.252.0.0 0.0.255.255
 no auto-summary
 eigrp stub connected
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.252.216.1 240
!
!
no ip http server
ip dns server
ip mroute 10.0.0.0 255.0.0.0 10.250.16.2
!
ip access-list standard AllSites
 permit 10.0.0.0
ip access-list standard MyRemoteSite
 permit 10.16.0.0 0.0.15.255
!
logging source-interface FastEthernet0/0
logging server-arp
logging 10.4.0.1
access-list 100 deny udp 10.4.0.0 0.0.15.255 any gt 5000
access-list 100 permit ip any any
access-list 101 deny udp 10.3.0.0 0.0.15.255 any gt 5000
access-list 101 permit ip any any
!
route-map REM-LEAK-LIST permit 10
 match ip address AllSites
 match interface FastEthernet0/1
!
route-map REM-LEAK-LIST permit 20
 match ip address MyRemoteSite
 match interface Serial0/1/0
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 exec-timeout 0 0
 login local
 transport input telnet
line vty 5 15
 exec-timeout 0 0
 login
 transport input telnet
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
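The condition raised in the reply above (a tunnel sourced from the HSRP virtual IP while no standby priority is set) can be checked offline against a saved config. This is an added example, not part of the original thread; `parse_interfaces`, `audit` and the result field names are hypothetical, and the sample is constructed from lines of the config quoted above.

```python
import re

# Constructed sample: only the tunnel and HSRP lines from the config quoted above.
SAMPLE = """\
interface Tunnel16
 keepalive 1 1
 tunnel source 10.16.15.254
!
interface FastEthernet0/0
 standby 1 ip 10.16.15.254
 standby 1 preempt delay minimum 15 reload 15 sync 15
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; a '!' or blank line ends a block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif not line or line.startswith("!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Report tunnels sourced from an HSRP virtual IP; explicit_priority None = IOS default (100)."""
    blocks, groups = parse_interfaces(config), {}
    for name, cmds in blocks.items():
        for cmd in cmds:
            m = re.fullmatch(r"standby (\d+) ip (\S+)", cmd)
            if m:
                grp, vip = m.groups()
                prio = next((int(c.split()[3]) for c in cmds
                             if re.fullmatch(rf"standby {grp} priority (\d+)", c)), None)
                preempt = any(c.startswith(f"standby {grp} preempt") for c in cmds)
                groups[vip] = {"hsrp_interface": name, "group": int(grp),
                               "explicit_priority": prio, "preempt": preempt}
    findings = []
    for name, cmds in blocks.items():
        for cmd in cmds:
            m = re.fullmatch(r"tunnel source (\S+)", cmd)
            if m and m.group(1) in groups:
                keepalive = next((c for c in cmds if c.startswith("keepalive")), None)
                findings.append({"tunnel": name, "vip": m.group(1),
                                 "tunnel_keepalive": keepalive, **groups[m.group(1)]})
    return findings

print(audit(SAMPLE))
```

Running `audit()` over the saved configs of both HSRP peers shows whether either one sets an explicit priority for the group that owns the tunnel source address.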