[c-nsp] GRE tunnel flapping every 15 minutes

Benjamin Lovell belovell at cisco.com
Wed Feb 16 15:57:25 EST 2011 

Last step, if possible, before going to ISP would be a wireshark capture on 871 WAN interface. Start up a continuous ping from 871 WAN IP to headend WAN IP. Get a few GRE keepalives during working and broken and few pings from working and broken. 

Check DMAC en such between working and broken. This would be proof positive(alway helpful when dealing with L1 ISP techs) that issue is on the ISP side. 

-Ben

On Feb 16, 2011, at 3:37 PM, schilling wrote:

> We just replaced the ISR 871 with a brand new ISR881. The issue
> persists.  We have a dozen other tunnels terminated on the same head
> end. None of them has issue.
> 
> I did run Ben suggested debug ip icmp. The ISR871 is still sending out
> icmp reply even we are not able to get it from out end during the
> tunnel down 30 seconds interval.
> 
> When our engineer was on site. He was able to ping the WAN gateway on
> the cable modem during the 30 seconds down time, but not able to ping
> the tunnel destination.   He also tried to ping from the ISR881, was
> able to ping WAN gateway, but not the tunnel destination.
> 
> I am now leaning toward routing issue within Comcast or cable modem issue.
> 
> Thanks,
> 
> Schilling
> 
> 
> 
> On Wed, Feb 16, 2011 at 2:36 PM, Quinn Kuzmich <lostinmoscow at gmail.com> wrote:
>>  I had a similar issue with one of my tunnels, and it turned out to be bad
>> hardware on one end.
>> 
>> Q
>> 
>> On Mon, Feb 14, 2011 at 3:36 PM, schilling <schilling2006 at gmail.com> wrote:
>>> 
>>> I have an ISR 871 behind Comcast residential cable modem with static
>>> IP address, and have GRE tunnel back to our headend. Just plain
>>> point-to-point GRE tunnel. Now it's flapping every 15 minutes, then
>>> comes back up after 30 seconds. debug ip routing just showed tunnel66
>>> down and refreshed the routing table. There is no route
>>> addition/removal or any interface down before the tunnel66 down.  When
>>> the tunnel is down, I am still able to ping the WAN gateway, but not
>>> the WAN IP on the ISR871.
>>> 
>>> #remote end
>>> interface Tunnel66
>>>  bandwidth 8000
>>>  ip address 192.168.222 255.255.255.252
>>>  no ip redirects
>>>  ip tcp adjust-mss 1436
>>>  load-interval 30
>>>  keepalive 10 10
>>>  tunnel source FastEthernet4
>>>  tunnel destination 192.168.253.19
>>>  tunnel path-mtu-discovery
>>> end
>>> ip route 192.168.253.19 255.255.255.255 WANgateway
>>> ip route 0.0.0.0 0.0.0.0 WANgateway 250
>>> ip route 0.0.0.0 0.0.0.0 tunnel66
>>> 
>>> #head end similar.
>>> 
>>> Just upgraded the ISR871 to be running latest
>>> c870-advipservicesk9-mz.124-24.T4.bin, but the issue persists. We
>>> already tried reboot the modem and reboot the switch.
>>> 
>>> Any insight?
>>> 
>>> Thanks,
>>> 
>>> Schilling
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list