From: Alexander Arsenyev (GU/ETL) (alexander.arsenyev@ericsson.com)
Date: Fri Aug 12 2005 - 13:28:30 GMT-3
Hello Tim,
I tried the same on Cisco 7500-series routers with 12.0.21ST and got same results: very few pings go through, sometimes none of them.
When I enabled "debug tunnel" and "debug ip packet 109 detail" where access-list 109 permits icmp any/any, the following messages were seen (10.9.9.1 is the local end of GRE tunnel):
Router#p 10.9.9.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.9.1, timeout is 2 seconds:
Aug 12 17:17:56: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:17:56: ICMP type=8, code=0
Aug 12 17:17:56: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:17:56: ICMP type=8, code=0
Aug 12 17:17:56: Tunnel8: GRE decapsulated (linktype=0, len=100).
Aug 12 17:17:58: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:17:58: ICMP type=8, code=0
Aug 12 17:17:58: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:17:58: ICMP type=8, code=0
Aug 12 17:17:58: Tunnel8: GRE decapsulated (linktype=0, len=100).!
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:18:00: ICMP type=8, code=0
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:18:00: ICMP type=8, code=0
Aug 12 17:18:00: Tunnel8: GRE decapsulated IP 10.9.9.1->10.9.9.1 (len=100, ttl=255)
Aug 12 17:18:00: IP: s=10.9.9.1 (Tunnel8), d=10.9.9.1 (Tunnel8), len 100, rcvd 3
Aug 12 17:18:00: ICMP type=8, code=0
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:18:00: ICMP type=0, code=0
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:18:00: ICMP type=0, code=0
Aug 12 17:18:00: Tunnel8: GRE decapsulated IP 10.9.9.1->10.9.9.1 (len=100, ttl=255)
Aug 12 17:18:00: IP: s=10.9.9.1 (Tunnel8), d=10.9.9.1 (Tunnel8), len 100, rcvd 3
Aug 12 17:18:00: ICMP type=0, code=0
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:18:00: ICMP type=8, code=0
Aug 12 17:18:00: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:18:00: ICMP type=8, code=0
Aug 12 17:18:00: Tunnel8: GRE decapsulated (linktype=0, len=100).
Aug 12 17:18:02: IP: s=10.9.9.1 (local), d=10.9.9.1, len 100, cef process switched
Aug 12 17:18:02: ICMP type=8, code=0
Aug 12 17:18:02: IP: s=10.9.9.1 (local), d=10.9.9.1 (Tunnel8), len 100, sending
Aug 12 17:18:02: ICMP type=8, code=0
Aug 12 17:18:02: Tunnel8: GRE decapsulated (linktype=0, len=100).
Success rate is 20 percent (1/5), round-trip min/avg/max = 1/1/1 ms
My best theory is that router probably tries to decapsulate ICMP packet instead of GRE and discovers that the resulting payload is not IP (linktype=0).
HTH,
Cheers
Alex
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
ccie2be
Sent: 12 August 2005 14:59
To: Group Study
Subject: pinging local end of tunnel
Hi guys,
Can anyone explain what's going on here? When I ping the local end of
tunnel only some of the pings go thru.
Rack1R2#p 141.1.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 141.1.25.2, timeout is 2 seconds:
!...!
Success rate is 40 percent (2/5), round-trip min/avg/max = 1/1/1 ms
Rack1R2#r int tun 0
Building configuration...
Current configuration : 173 bytes
!
interface Tunnel0
bandwidth 10
ip address 141.1.25.2 255.255.255.0
ip ospf message-digest-key 1 md5 cisco
tunnel source Ethernet0/0
tunnel destination 141.1.0.5
But, pinging the far side of tunnel goes thru 100% - no problem.
Rack1R2#p 141.1.25.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 141.1.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Rack1R2#
TIA, Tim
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3