Before GRE keepalives were implemented, there were only three reasons for a GRE tunnel to shut down:
1)There is no route to the tunnel destination address.
2)The interface that anchors the tunnel source is down.
3)The route to the tunnel destination address is through the tunnel itself.
Another attribute of GRE tunnel keepalives is that the keepalive timers on each side are independent and do not have to match
BUt in general you would not just enable one side as it will obviously just keep track one side.
LAB
----
Ok so r5 connects to r4 loopback 4.4.4.4 over the frame relay network using int s0/0/0 - this will primary path
and it also has aconnection to r4 s0/1/0 over directly connected serial this is the backup
R4 Base config
--------------
r4#sh run in
*Dec 12 16:05:31.687: %SYS-5-CONFIG_I: Configured from console by consolet s0/0/0
Building configuration...
Current configuration : 110 bytes
!
interface Serial0/0/0
ip address 10.229.254.7 255.255.255.0
encapsulation frame-relay
no fair-queue
end
r4#sh run int s0/1/0
Building configuration...
Current configuration : 87 bytes
!
interface Serial0/1/0
ip address 10.164.49.1 255.255.255.0
clock rate 2000000
end
r4#
r4#sh run int lo0
Building configuration...
Current configuration : 63 bytes
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
end
r4#
r5 base config
---------------
r5#sh ru
*Dec 12 16:20:29.863: %SYS-5-CONFIG_I: Configured from console by consolen int s0/0/0
Building configuration...
Current configuration : 110 bytes
!
interface Serial0/0/0
ip address 10.229.254.8 255.255.255.0
encapsulation frame-relay
no fair-queue
end
r5#
r5#sh run int s0/1/0
Building configuration...
Current configuration : 67 bytes
!
interface Serial0/1/0
ip address 10.164.49.2 255.255.255.0
end
r5#ping 10.164.49.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.164.49.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r5#ping 10.229.254.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.229.254.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
r5#
so we have connectivity to both
i will just show the issue with backup int
r5(config)#int s0/0/0
r5(config-if)#backup interface s0/1/0 - so i am setting s0/0/0 as the primary and backup as s0/1/0
I need route to 4.4.4.4 so one for each
r5(config)#ip route 4.4.4.4 255.255.255.255 10.229.254.7
r5(config)#ip route 4.4.4.4 255.255.255.255 10.164.49.1
so even though i specify an ip route for same network same admin distance only the primary interface makes it into the routing table as the other interface is in standby mode
r5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
S 4.4.4.4 [1/0] via 10.229.254.7
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
C 10.229.254.0 is directly connected, Serial0/0/0
r5#
r5#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.164.50.1 YES NVRAM administratively down down
FastEthernet0/1 172.25.12.2 YES NVRAM administratively down down
Serial0/0/0 10.229.254.8 YES manual up up
Serial0/1/0 10.164.49.2 YES manual standby mode down
Loopback0 5.5.5.5 YES NVRAM up up
I can ping success
r5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/68 ms
r5#
ON r4
-----
r4(config)#int s0/0/0
r4(config-if)#shut
r4(config-if)#
on r5
-----
r5#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.164.50.1 YES NVRAM administratively down down
FastEthernet0/1 172.25.12.2 YES NVRAM administratively down down
Serial0/0/0 10.229.254.8 YES manual up up
Serial0/1/0 10.164.49.2 YES manual standby mode down
Loopback0 5.5.5.5 YES NVRAM up up
s0/0/0 is still up even though the other side is shutdown as it is a multipoint interface it does not change status just because the other end goes down i can not ping i have lost reachability
r5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r5#
but backup interface does not kick on as it is depended on line status to go down for it to kick in
Solution
---------
on r5
r5#sh run int tunnel 12
Building configuration...
Current configuration : 102 bytes
!
interface Tunnel12
keepalive 10 3
ip address 11.11.11.1 255.255.255.0 - tunnel ip
tunnel source 10.229.254.8
tunnel destination 10.229.254.7
end
on r5 i take the backup interface of s0/0/0 and i deleted the
r5(config)# no ip route 4.4.4.4 255.255.255.255 10.229.254.7
I put a new ip route of
r5(config)#ip route 4.4.4.4 255.255.255.255 tunnel 12
and i add the backup interface command to the tunnel int 12
r5(config)#int tunnel 12
r5(config-if)#backup int s0/1/0
r5(config-if)#
on r4
interface Tunnel12
ip address 11.11.11.2 255.255.255.0
keepalive 10 3
tunnel source 10.229.254.7
tunnel destination 10.229.254.8
end
on r5
r5#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.164.50.1 YES NVRAM administratively down down
FastEthernet0/1 172.25.12.2 YES NVRAM administratively down down
Serial0/0/0 10.229.254.8 YES manual up up
Serial0/1/0 10.164.49.2 YES manual standby mode down
Loopback0 5.5.5.5 YES NVRAM up up
Tunnel12 11.11.11.1 YES manual up up
ok tunnel is up keep alives are on and s0/0/0 is in standby mode
ok to test
on r4
r4#config t
Enter configuration commands, one per line. End with CNTL/Z.
r4(config)#int s0/0/0
r4(config-if)#shut
r4(config-if)#
*Dec 12 16:34:57.123: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
*Dec 12 16:34:58.123: %LINEP
on r5
it has recognised the other side of the line has gone down bringing down it line protocol on s0/0/0 which enabled the backup interface s0/1/0 and we are able to still ping 4.4.4.4 fine
r5#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.164.50.1 YES NVRAM administratively down down
FastEthernet0/1 172.25.12.2 YES NVRAM administratively down down
Serial0/0/0 10.229.254.8 YES manual up up
Serial0/1/0 10.164.49.2 YES manual up up
Loopback0 5.5.5.5 YES NVRAM up up
Tunnel12 11.11.11.1 YES manual up down
r5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r5#
INtegration with floating statics
-----------------------------------
with using this with floating static routes you basically point the primary route at the tunnel and the backup route with higher admin pointing at s0/1/0
ip route 4.4.4.4 255.255.255.0 tunnel 12
ip route 4.4.4.4 255.255.255.0 s0/1/0 100
then when the tunnel goes down the int will go down as the keep alives stop and it will move to the backup route
No comments:
Post a Comment