Options
GRE Keep alive issue
Hey all,
I've been troubleshooting this issue for a while now and can't seem to get anywhere. I'm beginning to think I am looking over something very simple but just can't find it so I'm calling in the bug guns
.
Attached is the basic network topology (sorry for my crude drawing):
I know this isn't an ideal state by any means but it's an interim stage. There is a bunch of traffic flowing from Site1 to Site2 and vice versa. The decision was made to route some of that traffic out the internet connection to the other site via an IPSEC tunnel. A loopback address was created on Site1 and Site2 as shown in the drawing. On the Site1 and Site2 routers a tunnel interface was configured as well with the ip shown in the drawing. Static routes have been placed on all necessary switches.
I know (or at least think) the IPSEC tunnel and static routes are setup properly since I can ping the Site1 Router from the Site2 router and vice versa via the loopback addresses and I know it is going over the vpn tunnel since I retraced all the static routes.
This issue is that the GRE keepalives are not making it across the tunnel. I get the follow log messages on each switch and nothing about received keepalives so the tunnel moves to a down state (this is just showing from the Site2 router):
sending keepalive, 1.1.2.1->1.1.1.1 (len=24 ttl=255), counter=7
sending keepalive, 1.1.2.1->1.1.1.1 (len=24 ttl=255), counter=8
...
Now the interesting part is this is from Site2 (and yes I double checked this). It looks like the source address is 1.1.2.1 and sending to 1.1.1.1, yet here is the configuration on Site2's router for the tunnel:
interface Loopback99
bandwidth 8192
ip address 1.1.1.1 255.255.255.255
end
interface Tunnel32
ip address 172.20.0.33 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
load-interval 30
keepalive 5 3
cdp enable
tunnel source Loopback99
tunnel destination 1.1.2.1
end
The identical settings are configured on Site1 with different loopback/tunnel IP address)
It seems like the 1.1.2.1->1.1.1.1 on the log message is reversed. I didn't find any bug notices about it though (or is this correct and I am thinking about it wrong?)
Now whether or not this is just cosmetic I can't get the keepalives to work and it is driving me crazy. Any ideas?
Like I said I know this isn't an ideal setup but this is what we have to work with. I appreciate any help!
In case you are wondering, I'm using an ip sla with a routemap to change the next hop for traffic matched by an acl to go over the tunnel when the IP sla returns ok. and when fails the next hop is down so it routes via the multilink.
Also I just passed my CCNP Route so this has been interesting actually troubleshooting something I just learned, wish the book went into more detail.
And I did spend a few hours searching the internet but couldn't find anything helpful.
Thanks!
I've been troubleshooting this issue for a while now and can't seem to get anywhere. I'm beginning to think I am looking over something very simple but just can't find it so I'm calling in the bug guns
.Attached is the basic network topology (sorry for my crude drawing):
I know this isn't an ideal state by any means but it's an interim stage. There is a bunch of traffic flowing from Site1 to Site2 and vice versa. The decision was made to route some of that traffic out the internet connection to the other site via an IPSEC tunnel. A loopback address was created on Site1 and Site2 as shown in the drawing. On the Site1 and Site2 routers a tunnel interface was configured as well with the ip shown in the drawing. Static routes have been placed on all necessary switches.
I know (or at least think) the IPSEC tunnel and static routes are setup properly since I can ping the Site1 Router from the Site2 router and vice versa via the loopback addresses and I know it is going over the vpn tunnel since I retraced all the static routes.
This issue is that the GRE keepalives are not making it across the tunnel. I get the follow log messages on each switch and nothing about received keepalives so the tunnel moves to a down state (this is just showing from the Site2 router):
sending keepalive, 1.1.2.1->1.1.1.1 (len=24 ttl=255), counter=7
sending keepalive, 1.1.2.1->1.1.1.1 (len=24 ttl=255), counter=8
...
Now the interesting part is this is from Site2 (and yes I double checked this). It looks like the source address is 1.1.2.1 and sending to 1.1.1.1, yet here is the configuration on Site2's router for the tunnel:
interface Loopback99
bandwidth 8192
ip address 1.1.1.1 255.255.255.255
end
interface Tunnel32
ip address 172.20.0.33 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
load-interval 30
keepalive 5 3
cdp enable
tunnel source Loopback99
tunnel destination 1.1.2.1
end
The identical settings are configured on Site1 with different loopback/tunnel IP address)
It seems like the 1.1.2.1->1.1.1.1 on the log message is reversed. I didn't find any bug notices about it though (or is this correct and I am thinking about it wrong?)
Now whether or not this is just cosmetic I can't get the keepalives to work and it is driving me crazy. Any ideas?
Like I said I know this isn't an ideal setup but this is what we have to work with. I appreciate any help!
In case you are wondering, I'm using an ip sla with a routemap to change the next hop for traffic matched by an acl to go over the tunnel when the IP sla returns ok. and when fails the next hop is down so it routes via the multilink.
Also I just passed my CCNP Route so this has been interesting actually troubleshooting something I just learned, wish the book went into more detail.
And I did spend a few hours searching the internet but couldn't find anything helpful.
Thanks!