RE: Eigrp GRE problem. from Charles Wallace Jr (wallacc) on 2013-09-04 (Ccielab archives 09/2013)

From: Charles Wallace Jr (wallacc) <wallacc_at_cisco.com>
Date: Wed, 4 Sep 2013 17:07:28 +0000

Ok, so I figured it out.. That trigged something to me to go check. So what happened is that the 2911 is not my border router, so those two routes go to the my two edge router, who are in AS 1. Even though I had static routes on the 2911, when the update came for 10.90.168.0/21, it encompassed the tunnel destination (10.90.172.254), and that route was getting added to both edge routers that the 2911 was the gateway for that network, so it created a loop.. I moved the static routes over to both edge routers and that fixed the problem.. Ibm sure I could probably have filtered it somewhere as well..

From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Wednesday, September 04, 2013 12:46 PM
To: Charles Wallace Jr (wallacc); 'raaki.88_at_gmail.com'
Cc: 'ccielab_at_groupstudy.com'
Subject: Re: Eigrp GRE problem.

There must be "gre logic" or a something we don't know about as "advanced beginers!!!"

How is the first router with the 2 (now 1) static routes *thinking* it can reach tunnel des via the tunnel???

Are you seeing Recur-down messages in the log???

From: Charles Wallace Jr (wallacc) [mailto:wallacc_at_cisco.com]
Sent: Wednesday, September 04, 2013 12:35 PM
To: Joseph L. Brunner; 'raaki.88_at_gmail.com' <raaki.88_at_gmail.com<mailto:raaki.88_at_gmail.com>>
Cc: 'ccielab_at_groupstudy.com' <ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>>
Subject: RE: Eigrp GRE problem.

That is the strange thing, the other tunnels I built to other routers in similar configuration do no need that distribute list. I added it only to rule out that the route to the tunnel source/destination was not some how making it into the routing table and replacing the static route. With or without them the same thing results. Ibm not sure what Ibm missing here, Ibm sure there is some logical explanation but I just canbt find it.

None of it makes any sense. There is nothing that EIGRP puts into the routing table that should change the route to the source/destination (respectively)..

From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Wednesday, September 04, 2013 12:32 PM
To: Charles Wallace Jr (wallacc); 'raaki.88_at_gmail.com'
Cc: 'ccielab_at_groupstudy.com'
Subject: Re: Eigrp GRE problem.

Then if your theory is true, why use the distribute lists at all?

Your static routes should always insure non-recursive routing

Your missing something...

Here is a better question -

Does ios have a tunnel protection mechanism whereby IF the route could be learned via the tunnel - it knocks the tunnel down anyway!!!
Stranger things have happened!!!

From: Charles Wallace Jr (wallacc) [mailto:wallacc_at_cisco.com]
Sent: Wednesday, September 04, 2013 12:20 PM
To: Rakesh M <raaki.88_at_gmail.com<mailto:raaki.88_at_gmail.com>>; Joseph L. Brunner
Cc: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com> <ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>>
Subject: RE: Eigrp GRE problem.

The distribute list blocks those routes specifically. Why would they go out in an update. I see when I debug the 666 eigrp AS that they are not forwarded out tunnel 666. Even if they were, the static routes would take priority because they have better admin distance. So learning the source or destination wouldnbt be possible in this case. Because there are static routes on both ends respectively, and the distribute list out deny them from going out in the upgrade. So I donbt see how recursive routing *should* be a factor here. Even with redistribution, they would show up as EIGRP external routes, and it has a higher AD than the static routes, so again, shouldnbt be a factor. Look below, maybe it shows the flow a bit better.

2911-1#sh ip route 10.194.172.254 255.255.255.255 Routing entry for 10.194.172.254/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 10.90.147.12
     Route metric is 0, traffic share count is 1
    10.90.147.10
      Route metric is 0, traffic share count is 1 2911-1#sh run | include route ip source-route router eigrp 1 router eigrp 100 router eigrp 666 ip route 10.194.172.254 255.255.255.255 10.90.147.12 ip route 10.194.172.254 255.255.255.255 10.90.147.10 2911-1# 2911-1#sh ip access-lists 66 Standard IP access list 66
    6 deny 0.0.0.0 (330 matches)
    7 deny 10.194.172.254
    5 deny 10.90.147.32 (335 matches)
    10 permit 10.90.147.0, wildcard bits 0.0.0.127 (11612 matches)
    20 permit 10.90.250.0, wildcard bits 0.0.0.255 (17723 matches) 2911-1# interface Tunnel666 description GRE tunnel to SJC29 ip address 10.0.0.18 255.255.255.252 ip mtu 1400 ip pim sparse-mode tunnel source Loopback1 tunnel destination 10.194.172.254 end interface Loopback1 ip address 10.90.147.32 255.255.255.255 3945-TUN-SJ29#sh run | include route ip source-route router eigrp 1200 router eigrp 666 ip route 10.0.3.3 255.255.255.255 Tunnel10 ip route 10.90.147.32 255.255.255.255 10.194.172.173 3945-TUN-SJ29#sh ip route 10.90.147.32 255.255.255.255 Routing entry for 10.90.147.32/32
  Known via "static", distance 1, metric 0
  Redistributing via eigrp 1200
  Advertised by eigrp 1200
  Routing Descriptor Blocks:
  * 10.194.172.173
      Route metric is 0, traffic share count is 1 3945-TUN-SJ29#sh ip access 3945-TUN-SJ29#sh ip access-lists 66 Standard IP access list 66
    20 deny 0.0.0.0 (318 matches)
    25 deny 10.194.168.0 (1 match)
    10 deny 10.194.172.254 (103 matches)
    13 deny 10.90.147.32
    30 permit any (133 matches)
3945-TUN-SJ29#

Current configuration : 201 bytes
!
interface Tunnel666
description GRE tunnel to AS lab LWR 5.1 ip address 10.0.0.17 255.255.255.252 ip mtu 1400 ip pim sparse-mode tunnel source Loopback0 tunnel destination 10.90.147.32 !
end

3945-TUN-SJ29#
interface Loopback0
ip address 10.194.172.254 255.255.255.255
From: Rakesh M [mailto:raaki.88_at_gmail.com]
Sent: Wednesday, September 04, 2013 10:59 AM
To: Joseph L. Brunner
Cc: Charles Wallace Jr (wallacc); ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
Subject: Re: Eigrp GRE problem.

There are so many redistribution points with the Eigrp Processes, can you provide output for the Tunnel Destination route when there is no distribute-list towards the destination ? Recursive routing happens only when your learn your source from the tunnel.
Thanks

On Wed, Sep 4, 2013 at 8:21 PM, Joseph L. Brunner <joe_at_affirmedsystems.com<mailto:joe_at_affirmedsystems.com>> wrote:
Why the 2 static routes for your tunnel destination? (instead of 1)

ip route 10.194.172.254 255.255.255.255 10.90.147.12 ip route 10.194.172.254 255.255.255.255 10.90.147.10 what interface are these via?

Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 04 2013 - 17:07:28 ART

This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART