Nasty Cisco Problem - Any experts

NinjaBill

NinjaBill

NinjaBill

Associate
Joined
18 Nov 2005
Posts
100
Hi there

I have a few cisco 2811 routers connecting togther, running GRE over an IPClear network.

Im struggling to get a tunnel up, and was wondering if anyone can spot the obvious mistake. Int tu 104 is the one that isnt playing



Router 1

!
interface Loopback1
ip address 10.228.54.1 255.255.255.255
!
interface Loopback2
ip address 10.228.54.2 255.255.255.255
!
interface Tunnel1
no ip address
!
interface Tunnel101
bandwidth 2000
ip address 10.228.53.1 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.1
tunnel destination 10.228.54.17
!
interface Tunnel102
bandwidth 2000
ip address 10.228.53.9 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.2
tunnel destination 10.228.54.34
!
interface Tunnel103
bandwidth 2000
ip address 10.228.53.25 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.1
tunnel destination 10.228.54.49
!
interface Tunnel104
bandwidth 2000
ip address 10.228.53.33 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
shutdown <--- I know its shut down, but look below....
tunnel source 10.228.54.1
tunnel destination 10.228.54.65
!
interface FastEthernet0/0
description To IPC MPLS Cloud
no ip address
duplex full
speed 10
!
interface FastEthernet0/0.607
description VPNN300407
[cleared]

interface FastEthernet0/0.608
description VPN200074
[cleared]
!
interface FastEthernet0/1
[cleared]
!
router eigrp 1
network 10.203.4.0 0.0.0.255
network 10.228.53.0 0.0.0.3
network 10.228.53.8 0.0.0.3
network 10.228.53.24 0.0.0.3
network 10.228.53.32 0.0.0.3
network 10.228.54.1 0.0.0.0
network 10.228.54.2 0.0.0.0
network 10.228.55.4 0.0.0.3
distribute-list 4 in Tunnel1
distribute-list 3 out Tunnel101
distribute-list 3 out Tunnel102
distribute-list 3 out Tunnel103
distribute-list 3 out Tunnel104
no auto-summary

router bgp 64526
[cleared]

access-list 3 permit 10.203.12.0 0.0.0.255
access-list 3 permit 10.203.13.0 0.0.0.255
access-list 3 permit 10.203.25.0 0.0.0.255




Router 2



!
!
interface Loopback0
ip address 10.228.55.16 255.255.255.255
!
interface Loopback1
ip address 10.228.54.65 255.255.255.255
!
interface Loopback2
ip address 10.228.54.66 255.255.255.255
!
interface Tunnel104
bandwidth 2000
ip address 10.228.53.34 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.65
tunnel destination 10.228.54.1
!
interface Tunnel107
bandwidth 2000
ip address 10.228.53.58 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.65
tunnel destination 10.228.54.1
!
interface Tunnel108
bandwidth 2000
ip address 10.228.53.66 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.65
tunnel destination 10.228.54.33
!
interface Tunnel110
bandwidth 2000
ip address 10.228.53.82 255.255.255.252
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
tunnel source 10.228.54.65
tunnel destination 10.228.54.49
!
interface FastEthernet0/0
[cleared]
!
interface FastEthernet0/1
[cleared]
!
interface Serial0/1/0:0
[cleared]
!
router eigrp 1
network 10.8.0.0 0.0.255.255
network 10.228.53.32 0.0.0.3
network 10.228.53.64 0.0.0.3
network 10.228.53.80 0.0.0.3
distribute-list 3 out Tunnel104
distribute-list 3 out Tunnel107
distribute-list 3 out Tunnel108
distribute-list 3 out Tunnel110
auto-summary

access-list 3 permit 10.228.86.0 0.0.0.255
access-list 3 permit 10.228.84.0 0.0.0.255



router 1...

IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.203.4.1 Fa0/1 13 4d21h 1 200 0 47385
4 10.203.4.5 Fa0/1 14 4d21h 1 200 0 2358986
3 10.203.4.7 Fa0/1 11 4d21h 1 200 0 40355
2 10.228.53.10 Tu102 2 2w5d 5 200 0 62679
1 10.228.53.2 Tu101 2 2w5d 11 200 0 8945
0 10.228.53.26 Tu103 2 2w5d 6 200 0 69697



router 2...

IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.228.53.81 Tu110 2 01:16:42 21 200 0 69679
0 10.228.53.65 Tu108 2 03:53:12 25 200 0 62657
2 10.8.0.102 Fa0/0 11 1w6d 3 200 0 3888
1 10.8.0.101 Fa0/0 10 1w6d 2 200 0 3858



back onto router 1


router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#int t104
router1(config-if)#no shut
router1(config-if)#
2w5d: RT: is_up: Tunnel104 1 state: 4 sub state: 1 line: 0 has_route: False
2w5d: RT: add 10.228.53.32/30 via 0.0.0.0, connected metric [0/0]
2w5d: RT: NET-RED 10.228.53.32/30
2w5d: RT: interface Tunnel104 added to routing table
.Jul 24 12:41:32.066: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.228.53.34 (T
unnel104) is up: new adjacency
.Jul 24 12:41:33.478: %LINK-3-UPDOWN: Interface Tunnel104, changed state to up
2w5d: RT: is_up: Tunnel104 1 state: 4 sub state: 1 line: 0 has_route: True
.Jul 24 12:41:34.478: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel104,
changed state to up
2w5d: RT: is_up: Tunnel104 1 state: 4 sub state: 1 line: 0 has_route: True
router1(config-if)#
router1(config-if)#
router1(config-if)#^Z
router1#sh
.Jul 24 12:41:39.194: %SYS-5-CONFIG_I: Configured from console by netadmin on vt
y0 (10.203.85.12)ip eigrp nei
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
6 10.228.53.34 Tu104 2 00:00:09 1 5000 2 0
5 10.203.4.1 Fa0/1 12 4d22h 1 200 0 47635
4 10.203.4.5 Fa0/1 10 4d22h 2 200 0 2362433
3 10.203.4.7 Fa0/1 14 4d22h 1 200 0 40413
2 10.228.53.10 Tu102 2 2w5d 4 200 0 62687
1 10.228.53.2 Tu101 2 2w5d 11 200 0 8953
0 10.228.53.26 Tu103 2 2w5d 7 200 0 69705
router1#


but then on router 2

IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.228.53.81 Tu110 2 01:35:20 21 200 0 69679
0 10.228.53.65 Tu108 2 04:11:50 25 200 0 62657
2 10.8.0.102 Fa0/0 10 1w6d 3 200 0 3888
1 10.8.0.101 Fa0/0 10 1w6d 2 200 0 3858


Any ideas. I've been looking at it for 3 hrs now, and its sending my nuts
 
Questions.

1.> As you are attempting to form an EIGRP adjecency between loopbacks, how does R1 know about R2's loopback? I can see network statements for R1's loopbacks but none on R2?

2.> If you do "debug eigrp packet" on R2 can you see EIGRP hellos coming from R1?, if you do "show ip eigrp int" on both boxes, are all the relavent interfaces running EIGRP?

3.> When the tunnel comes up can you ping across it? have you tried adding "tunnel keepalive" to either side to make sure its actually up and not spoofing?
 
Edit: Just tunnel 104. How on earth did you get the rest working? I assume this is a partial config?
 
Last edited:
Thanks for your very helpful replies. I've got downtime from 9pm to have a look at this in more depth

in answer to your questions

1) via BGP. Loopbacks are advertised into wan via BGP, I snipped this bit of the config
2) No, Can see hellos coming in the other tunnels, but not 104. This is clearly the source of the problem
3) Yes, I can ping (and telnet) accross, ill try the tunnel keepalive
 
Some oddness.

I turned on the keepalives, and T104 went down, however R1 could ping R2 loopback and vice versa

I changed the tunnel source on r2 to .66 (loopback 2 instead of loopback 1) and the destination on r1 to match, and the interface came straight up.

This seems a bit strange, as the Loop1 interface on r2 is definately distributed correctly into BGP, as the other tunnels (to and from other sites) terminate happily on this address.
 
There must be something funny with the routing of the Gre packets getting between R1 and R2, especially if it works fine when you swap the tunnel endpoints/destinations.

Are you absolutely 100% sure without a doubt that the routing to and from the loopbacks is identical for each tunnel?

Also, are you 100% absolutely sure that there are no instances of recursive routing in your logging buffer? (you probably already know, but thats when the best path for the gre packets is via the tunnel itself - hence breaking it)
 
You must log in or register to reply here.
Back
Top Bottom