From: Shawn (shawn.yp@netstarnetworks.com)
Date: Wed Aug 17 2005 - 06:45:42 GMT-3
Hi Mesut Abdurrahmani,
I have not heard of any unreliable problem about DM GRE, except the backup
problem. Maybe others can share or input.
But I think you will have the similar problem if one of the remote's WAN
link fail. The fail remote is unable to connect to the rest of the remote
depending on the expiry of the dynamic tunnel.
For example,
you have HQ1 for service provider 1 and HQ 2 for service provider 2
All remote sites will have Ra1 and Ra2, where a is site ID.
When Ra1 WAN link fails, and Ra LAN needs to communicate with Rb LAN.
Traffic flows out via Ra2 (secondary provider) and reaches HQ2. Assume
secondary provider is running DM GRE, traffic flows to Rb2 (dynamic tunnel).
The return traffic will hit Rb1 (Since primary and secondary, we will run
HSRP within each LAN router). Traffic will drops at Rb1 as the tunnel is not
expire yet. If secondary provider is not running DM GRE, traffic flows from
HQ2 to HQ1 via OSPF. From HQ1, traffic flows down to Rb1, and the return
traffic will be drops (dynamic tunnel is still up).
Hope this explains. You have to reduce the hold timer inorder for the
dynamic tunnel drops. I have reduced the timer to 30-60 sec and encounter
traffic drops every 30-60sec due to dynamic tunnel tear down and establish
again.
Thanks,
Shawn Ng
-----Original Message-----
From: Mesut Abdurrahmani [mailto:mesut@kujtesa.com]
Sent: Wednesday, August 17, 2005 4:46 PM
To: 'Shawn'
Cc: ccielab@groupstudy.com
Subject: RE: multipoint GRE
Shawn,
First Thanks for you reply, in regards to backup this Is what I made, the
organization has two providers, and both of them have their equipment on
every site. So In the primary providers equipment I create dynamic tunnels
with OSPF going through that every site advertising it's LAN, and a floating
summary static route for all sites that aren't reachable through OSPF, with
the next hop of the other provider's equipment.
I think the logic works, but the problem to me is to know how much reliable
is to use multipoint gre and NHRP?
-----Original Message-----
From: Shawn [mailto:shawn.yp@netstarnetworks.com]
Sent: Wednesday, August 17, 2005 4:30 AM
To: 'Mesut Abdurrahmani'
Subject: RE: multipoint GRE
Hi,
Not able to send out via the group list, so send to you directly.
Please see below
Thanks,
Shawn Ng
-----Original Message-----
From: Shawn [mailto:shawn.yp@netstarnetworks.com]
Sent: Wednesday, August 17, 2005 10:22 AM
To: 'Mesut Abdurrahmani'; 'ccielab@groupstudy.com'
Subject: RE: multipoint GRE
Hi all,
There is one thing I like to find out is when implementing DM GRE, how can
we backup the Main or WAN link of remote site?
Holdtime, the timer will decrement depending on the value you set (default
is 2hr) with or w/o traffic. If you set to a lower value, sometime you get
packet drops at a periodic interval. (Sometime there isn't any packet
drops). This timer is used to hold the dynamic tunnel formed between
remotes.
When Main/WAN link of remote A fail, the dynamic tunnel in remote B is still
cached inside the remote router, until the timer expire (It is not very good
if you set the holdtimer too high)
Mesut Abdurrahmani,
Just pay attention to the backup or redundancy (e.g ISDN) for remote site to
HUB if you are implementing it.
Thanks,
Shawn Ng
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Mesut
Abdurrahmani
Sent: Wednesday, August 17, 2005 2:23 AM
To: ccielab@groupstudy.com
Subject: multipoint GRE
I was thinking to implement as a solution to an organization multipoint GRE
because of it's simplicity and flexibility, but I had some problems that I
wanted to discuss with you guys. I have managed to implement multipoint GRE
on HUB and two spokes ( not easily ), but the third spoke experiences me
some problem, on that spoke when I do a debug nhrp packet it says that the
"encapsulation succeeded" and that the registration request was sent but the
request doesn't go to the hub router. And the debug on hub router says that
the "encapsulation failed", there are no filters or any other mechanism that
won't allow these two to communicate. The configs are below:
Other 2 spokes have the same config as the below one, expect the IP's that
are different
Spoke router config:
ip address 10.10.0.5 255.255.255.0
no ip redirects
no ip directed-broadcast
ip nhrp authentication xxx
ip nhrp map 10.10.0.1 172.16.x.2
ip nhrp map multicast 172.16.x.2
ip nhrp network-id 77
ip nhrp holdtime 120
ip nhrp nhs 10.10.0.1
ip ospf network broadcast
ip ospf priority 0
tunnel source Ethernet0 (wan interface)
tunnel mode gre multipoint
tunnel key 777
tunnel checksum
HUB router config :
interface Tunnel100
ip address 10.10.0.1 255.255.255.0
no ip redirects
ip nhrp authentication xxx
ip nhrp map multicast 172.16.x.6
ip nhrp map multicast 172.16.x.10
ip nhrp map multicast 172.16.x.14
ip nhrp network-id 77
ip nhrp holdtime 120
ip ospf network broadcast
tunnel source Ethernet1/0 (wan interface)
tunnel mode gre multipoint
tunnel key 777
tunnel checksum
The first two spokes although at first didn't nhrp register at first after
some time the mysteriously registered and they are functioning correctlyI
would like to read your experiences with multipoint gre. I don't know if the
problem is at me, that I still don't know how it functions or simply the
nhrp protocol isn't defined well in cisco, these strange problems make me
think like that. Is there any one that uses multipoint gre on real life
scenario?
Thanks in Advance
Mesut Abdurrahmani
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3