L3GRE Tunnelling

===============


Notes by Anuranjan Singh

Date: 22/4/2015


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Tunnelling



- A tunnel looks like one hop, and routing protocols may prefer a tunnel over a multihop physical path.

- This can be deceptive because the tunnel, although it may look like a single hop, may traverse a slower path than a multihop link.

- A tunnel is as robust and fast, or as unreliable and slow, as the links that it actually traverses.

- Routing protocols that make their decisions on the sole basis of hop count will often prefer a tunnel over a set of physical links.

- A tunnel might appear to be a one-hop, point-to-point link and have the lowest-cost path,

  but may actually cost more in terms of latency than an alternative physical topology



Issue with tunnel:

=================


If routing is not carefully configured, the tunnel may have a recursive routing problem.

When the best path to the "tunnel destination" is via the tunnel itself, recursive routing causes the tunnel interface to flap.

To avoid recursive routing problems, keep the control-plane routing separate from the tunnel routing,

using one of the following methods:

 –Use a different autonomous system number or tag.

 –Use a different routing protocol.

 –Use static routes to override the first hop (but watch for routing loops).
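One way to check a routing table for the recursive-routing condition described above, as an added example that is not part of the original notes. The addresses come from the lab setup later in these notes; the route-table layout, the function names and the extra /32 route in the broken table are assumptions constructed for illustration.

```python
import ipaddress

def best_route(routes, dest):
    """Longest-prefix match; ties on prefix length go to the lower metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen,
                                    -r["metric"]))

def recursive_routing(routes, tunnel):
    """Return the offending route if the best path to the tunnel destination
    leaves through the tunnel itself, otherwise None."""
    route = best_route(routes, tunnel["destination"])
    if route is None:
        return None  # destination unreachable: tunnel is down, but not recursive
    if route.get("interface") == tunnel["name"]:
        return route
    via = route.get("via")
    if via and ipaddress.ip_address(via) in ipaddress.ip_network(tunnel["subnet"]):
        return route
    return None

# Tunnel 10 as configured on the MAS stack in these notes.
TUNNEL = {"name": "gre-tunnel10", "destination": "11.11.11.11",
          "subnet": "192.168.1.0/24"}

# Stack routing table, transcribed from the "show ip route" output in the notes.
HEALTHY = [
    {"prefix": "5.5.5.5/32", "metric": 0, "interface": "loopback0"},
    {"prefix": "6.6.6.6/32", "metric": 1001, "via": "10.10.10.11"},
    {"prefix": "7.7.7.7/32", "metric": 1001, "via": "192.168.1.1"},
    {"prefix": "10.10.10.0/24", "metric": 0, "interface": "vlan10"},
    {"prefix": "11.11.11.0/24", "metric": 1001, "via": "10.10.10.11"},
    {"prefix": "192.168.1.2/32", "metric": 1000, "via": "192.168.1.1"},
]

# Constructed failure case: a more specific host route to the tunnel
# destination is learned through the tunnel and beats the /24.
BROKEN = HEALTHY + [
    {"prefix": "11.11.11.11/32", "metric": 1001, "via": "192.168.1.2",
     "interface": "gre-tunnel10"},
]

if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("broken", BROKEN)):
        hit = recursive_routing(table, TUNNEL)
        print(name, "->", "recursive via " + hit["prefix"] if hit else "ok")
```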


Remember:

========

 - Encapsulation: It is the process of adding headers to data at each layer of a particular protocol stack.

 - Tunneling: It encapsulates data packets from one protocol inside a different protocol and

   transports the data packets unchanged across a foreign network

 - A tunnel interface is a virtual (or logical) interface

 - GRE is a Layer-3 carrier protocol. A carrier protocol can be encapsulated in another carrier protocol.

 - L3 carrier protocols: GRE, IPv6, MPLS, L2TP, PPTP, L2F, IPsec, IP-in-IP

 - L2 carrier protocols: PPPoE, PPPoA, UDLR

 - GRE: Generic Routing Encapsulation (RFC 2784)

        

 

Drawback in GRE:

===============

       It doesn't provide security. Therefore we use IPsec tunneling over it.



Question: Why not use an IPsec tunnel directly, since it is a tunnel and provides security? Why do we need to involve GRE?

=========


Ans: IPsec can secure (authenticate and encapsulate) only unicast traffic and can't secure multicast or broadcast traffic.

     GRE is a unicast packet that can encapsulate any type of traffic: unicast, multicast or broadcast.

     This approach is used to build VPNs.


     - IPsec can be used over L2 or L3 GRE.

     - L2 GRE tunnel: for communication across different sites that belong to the same network of the same customer (tunnel end points are L2)

     - L3 GRE tunnel: for communication across different sites that belong to different networks of the same customer (tunnel end points are L3)


Generic L3 GRE topology compared with MAS:

-----------------------------------------


 

   <==PC-1====>   <====MAS-1===> <============ L3GRE Tunnel=========================> <===MAS-2====>   <====PC-2==>


   ClientPC-1====[11]Router1 [22]==========={ N/W (Cisco routers/controllers) }===========[33]Router[44]=======ClientPC-2


  

Packet encapsulation and flow:

------------------------------


   <====== [SP L2 header] [SP L3 IP Header] [GRE Header] [Client L2 header] [Client IP header + Data] =======<


 where: SP => Service provider's
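The encapsulation above, parsed from the outer L3 header inwards, as an added example that is not part of the original notes. It shows that the inner addresses are readable by anyone on the path, which is the GRE drawback noted earlier. The sample packets are constructed, carry an inner IPv4 packet directly (GRE protocol type 0x0800), and all function names are assumptions.

```python
import ipaddress
import struct

IPPROTO_GRE = 47
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum / key / sequence present
PAYLOAD_NAMES = {0x0800: "IPv4", 0x86DD: "IPv6",
                 0x6558: "Transparent Ethernet Bridging"}

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header + payload (checksum left at 0: sample only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def build_gre(ptype, payload, key=None):
    """Base GRE header (RFC 2784), optionally with a key field (RFC 2890)."""
    hdr = struct.pack("!HH", GRE_K if key is not None else 0, ptype)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr + payload

def parse_ipv4(buf):
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    hlen = (buf[0] & 0x0F) * 4
    if hlen < 20 or len(buf) < hlen:
        raise ValueError("bad IPv4 header length")
    hdr = {"src": str(ipaddress.IPv4Address(buf[12:16])),
           "dst": str(ipaddress.IPv4Address(buf[16:20])),
           "proto": buf[9], "hlen": hlen}
    return hdr, buf[hlen:]

def parse_gre(buf):
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    hdr = {"protocol": ptype, "checksum": None, "key": None, "sequence": None}
    off = 4
    # Optional 4-byte fields follow the base header in this fixed order.
    for bit, field in ((GRE_C, "checksum"), (GRE_K, "key"), (GRE_S, "sequence")):
        if flags & bit:
            if len(buf) < off + 4:
                raise ValueError("truncated GRE optional field")
            value = struct.unpack("!I", buf[off:off + 4])[0]
            # The checksum shares its word with a 16-bit reserved field.
            hdr[field] = value >> 16 if field == "checksum" else value
            off += 4
    hdr["hlen"] = off
    return hdr, buf[off:]

def decapsulate(packet):
    """Split [outer IP][GRE][inner packet] and report the bytes of overhead."""
    outer, rest = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    gre, inner_bytes = parse_gre(rest)
    result = {"outer": outer, "gre": gre, "inner": None,
              "overhead": outer["hlen"] + gre["hlen"],
              "payload_type": PAYLOAD_NAMES.get(gre["protocol"],
                                                hex(gre["protocol"]))}
    if gre["protocol"] == 0x0800:
        result["inner"], _ = parse_ipv4(inner_bytes)
    return result

# Constructed samples: a client ping 5.5.5.5 -> 7.7.7.7 carried between the
# tunnel end points 10.10.10.10 and 11.11.11.11 used later in these notes.
INNER = build_ipv4("5.5.5.5", "7.7.7.7", 1, b"\x08\x00" + b"\x00" * 6)
SAMPLE = build_ipv4("10.10.10.10", "11.11.11.11", IPPROTO_GRE,
                    build_gre(0x0800, INNER))
SAMPLE_KEYED = build_ipv4("10.10.10.10", "11.11.11.11", IPPROTO_GRE,
                          build_gre(0x0800, INNER, key=10))

if __name__ == "__main__":
    info = decapsulate(SAMPLE)
    print(info["outer"]["src"], "->", info["outer"]["dst"],
          "carries", info["inner"]["src"], "->", info["inner"]["dst"],
          "overhead", info["overhead"], "bytes")
```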




%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


Customer use cases:

==================



---------------------------------------------------------------------

*********** Setup L3 GRE Tunnel 10 *********************************

---------------------------------------------------------------------




        

                  Area 0.0.0.0                               Area 0.0.0.0

      10.10.10.10            10.10.10.11/24      11.11.11.10/24             11.11.11.11

MAS Stack [0/0/0] ===============[0/0/0]MAS Alone[0/0/1]======================[1/1]Controller

           VLAN 10           VLAN10                 VLAN11                    VLAN11

                <192.168.1.1/24----------------L3 GRE----------192.168.1.2/2>

               


LoopBack     5.5.5.5                          6.6.6.6                      7.7.7.7




Note: An L3 GRE tunnel requires the same OSPF area; an inter-area tunnel won't come up, therefore it needs a virtual link or two tunnels.

      On MAS, virtual link is not supported.




Remember:  

---------

- The tunnel physical ports on the two sides can have different VLAN IDs and different networks.

- Here VLAN 10 and VLAN 11 are not tunnel interfaces but routing interfaces for the tunnel. They are required just for the source/destination IP of the L3 tunnel.

- The L3 GRE tunnel interfaces have IPs (192.168.1.1 and 192.168.1.2).

- The L3 GRE tunnel interfaces should be in the same subnet. They don't belong to any VLAN.

- Need to enable OSPF on every node and every interface/VLAN.

- If we want many client VLANs to go via this L3 GRE tunnel, just configure them and advertise them in OSPF.

- If the edge routers (MAS) are connected back to back, then the source and destination IPs should be in the same broadcast domain.

- Check that the controller has a license // (Anu3600) #show license



Note: In general OSPF:

======================

If you want to configure two areas, 0.0.0.0 and 1.1.1.1, then we need to put that area in the global default also.

(AnuS2500-48P-7008) (config) #router ospf

(AnuS2500-48P-7008) (Global OSPF profile) #area 1.1.1.1


We can't have two area 0.0.0.0 entries; check and remove



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%



---------------------------------------------------------------------

*********** MAS STACK Tunnel Config ******************

---------------------------------------------------------------------




(AnuS2500-48T-Stack) #show ver

Version 7.4.0.3


(AnuS2500-48T-Stack) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(AnuS2500-48T-Stack) (config) #interface tunnel ip 10

(AnuS2500-48T-Stack) (Tunnel "10") #destination-ip 11.11.11.11

(AnuS2500-48T-Stack) (Tunnel "10") #source-ip 10.10.10.10

(AnuS2500-48T-Stack) (Tunnel "10") #mtu 1400

(AnuS2500-48T-Stack) (Tunnel "10") #keepalive 25 25

(AnuS2500-48T-Stack) (Tunnel "10") #ip address 192.168.1.1 255.255.255.0

(AnuS2500-48T-Stack) (Tunnel "10") #exit


(AnuS2500-48T-Stack) (config) #show interface tunnel 10


tunnel 10 is administratively Up, Line protocol is up         <== now protocol is up

Description: GRE Interface

Source  10.10.10.10

Destination 11.11.11.11

Tunnel mtu is set to 1400

Tunnel keepalive is enabled

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 62, Heartbeats lost 61

        Tunnel is down 1 times

Tunnel is an L3 GRE Tunnel

Internet address is 192.168.1.1, Netmask is 255.255.255.0



(AnuS2500-48T-Stack) (config) #interface tunnel ip 10

(AnuS2500-48T-Stack) (Tunnel "10") #ospf-profile default

(AnuS2500-48T-Stack) (Tunnel "10") #exit

(AnuS2500-48T-Stack) (config) #show interface-profile ospf-profile default


(AnuS2500-48T-Stack) (config) #router ospf   <== Enable OSPF



Interface OSPF profile "default"

--------------------------------

Parameter            Value

---------            -----

Area                 0.0.0.0

Cost                 1

Dead-interval        40

Hello-interval       10

Retransmit-interval  5

Transmit-delay       1

Priority             1

State                Enabled


(AnuS2500-48T-Stack) (config) #show interface tunnel 10


tunnel 10 is administratively Up, Line protocol is Down    <=== see now protocol is down after adding OSPF

Description: GRE Interface

Source  10.10.10.10

Destination 11.11.11.11

Tunnel mtu is set to 1400

Tunnel keepalive is enabled

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 62, Heartbeats lost 61

        Tunnel is down 1 times

Tunnel is an L3 GRE Tunnel

Internet address is 192.168.1.1, Netmask is 255.255.255.0

Ospf-profile "default"                                             <===== Enable OSPF at Tunnel Interface



(AnuS2500-48T-Stack) (config) #vlan 10

(AnuS2500-48T-Stack) (VLAN "10") #exit

(AnuS2500-48T-Stack) (config) #interface-profile switching-profile sw10


(AnuS2500-48T-Stack) (switching profile "sw10") #access-vlan 10

(AnuS2500-48T-Stack) (switching profile "sw10") #exit

(AnuS2500-48T-Stack) (config) #interface vlan 10

(AnuS2500-48T-Stack) (vlan "10") #ip address 10.10.10.10 255.255.255.0

(AnuS2500-48T-Stack) (vlan "10") #ospf-profile default                <== Enable OSPF at interface/vlan10



(AnuS2500-48T-Stack) (config) #interface gigabitethernet 0/0/0

(AnuS2500-48T-Stack) (gigabitethernet "0/0/0") #switching-profile sw10


---------------------


(AnuS2500-48T-Stack) (config) #interface loopback 0

(AnuS2500-48T-Stack) (loopback "0") #ip address 5.5.5.5

(AnuS2500-48T-Stack) (loopback "0") #ospf-profile default

 or

 (AnuS2500-48P-Stack) (config) #interface loopback 0 ip address 5.5.5.5



MAS Stack Config Copy/paste:

============================

show ver

configure t

interface tunnel ip 10

destination-ip 11.11.11.11

source-ip 10.10.10.10

mtu 1400

keepalive 25 25

ip address 192.168.1.1 255.255.255.0

exit

interface tunnel ip 10

ospf-profile default

exit

show interface-profile ospf-profile default

router ospf

vlan 10

exit

interface-profile switching-profile sw10

access-vlan 10

exit

interface vlan 10

ip address 10.10.10.10 255.255.255.0

ospf-profile default

interface gigabitethernet 0/0/0

switching-profile sw10

interface loopback 0

ip address 5.5.5.5

ospf-profile default

exit

write memory



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


--------------------------------------------------------------------

*********** Controller L3 GRE Tunnel *******************************

--------------------------------------------------------------------




(Anu3600) #show ver

Version 6.4.2.4


(Anu3600) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(Anu3600) (config) #interface tunnel 10

(Anu3600) (config-tunnel)#ip address 192.168.1.2 255.255.255.0

(Anu3600) (config-tunnel)#mtu 1400

(Anu3600) (config-tunnel)#tunnel destination 10.10.10.10

(Anu3600) (config-tunnel)#tunnel source 11.11.11.11

(Anu3600) (config-tunnel)#tunnel keepalive 25 25

(Anu3600) (config-tunnel)#exit

(Anu3600) (config) #show interface  tunnel 10


Tunnel 10 is up line protocol is up

Description: Tunnel Interface

Internet address is 192.168.1.2 255.255.255.0

Source  11.11.11.11

Destination 10.10.10.10

Tunnel mtu is set to 1400

Tunnel is an IP GRE TUNNEL

Tunnel is Untrusted

Inter Tunnel Flooding is enabled

Tunnel keepalive is enabled

Keepalive type is Default

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 1, Heartbeats lost 0

        Tunnel is down 0 times


(Anu3600) (config) #router ospf                 <== Enable OSPF global, also need to enable at interface



(Anu3600) (config) #show interface tunnel 10


Tunnel 10 is up line protocol is down               <== see protocol is down after OSPF enable

Description: Tunnel Interface

Internet address is 192.168.1.2 255.255.255.0

Source  11.11.11.11

Destination 10.10.10.10

Tunnel mtu is set to 1400

Tunnel is an IP GRE TUNNEL

Tunnel is Untrusted

Inter Tunnel Flooding is enabled

Tunnel keepalive is enabled

Keepalive type is Default

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 30, Heartbeats lost 29

        Tunnel is down 1 times



 // (Anu3600) (config) #interface  tunnel 10

 // (Anu3600) (config-tunnel)#ip ospf area 1.1.1.1         <== Put the interface in different area



(Anu3600) (config) #interface  tunnel 10

(Anu3600) (config-tunnel)#ip ospf area 0.0.0.0            <=== Enable interface at tunnel interface




(Anu3600) (config) #interface vlan 11                         <== putting interface in vlan 11

(Anu3600) (config-subif)#ip address 11.11.11.11 255.255.255.0

(Anu3600) (config-subif)#ip ospf area 0.0.0.0                 <== Enable OSPF at interface/vlan11

(Anu3600) (config-subif)#exit

(Anu3600) (config) #router ospf                             <== Enable OSPF on Controller global


(Anu3600) (config) #interface  gigabitethernet 1/1

(Anu3600) (config-if)#switchport access vlan 11




(Anu3600) (config) #interface loopback

(Anu3600) (config-loop)#ip address 7.7.7.7 ?



(Anu3600) (config) #router ospf redistribute ?

loopback                Redistribute loopback address

rapng-vpn               Redistribute RAPNG VPN addresses

vlan                    Redistribute user vlan subnet


(Anu3600) (config) #router ospf redistribute loopback    <== Enable OSPF at loop back,



controller configuration copy/paste

===================================

show ver

configure t

interface tunnel 10

ip address 192.168.1.2 255.255.255.0

mtu 1400

tunnel destination 10.10.10.10

tunnel source 11.11.11.11

tunnel keepalive 25 25

exit

router ospf

show interface tunnel 10

interface  tunnel 10

ip ospf area 0.0.0.0

interface vlan 11   

ip address 11.11.11.11 255.255.255.0

ip ospf area 0.0.0.0

exit

router ospf

interface  gigabitethernet 1/1

switchport access vlan 11

exit

interface loopback

ip address 7.7.7.7

router ospf redistribute loopback

exit

write memory


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


------------------------------------------------------------------

********************* Config MAS ALONE *************

-------------------------------------------------------------------



(AnuS2500-48P) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(AnuS2500-48P) (config) #vlan 10

(AnuS2500-48P) (VLAN "10") #exit

(AnuS2500-48P) (config) #interface-profile switching-profile sw10

(AnuS2500-48P) (switching profile "sw10") #access-vlan 10

(AnuS2500-48P) (switching profile "sw10") #exit

(AnuS2500-48P) (config) #interface vlan 10

(AnuS2500-48P) (vlan "10") #ip address 10.10.10.11 255.255.255.0

(AnuS2500-48P) (vlan "10") #exit

(AnuS2500-48P) (config) #interface gigabitethernet 0/0/0

(AnuS2500-48P) (gigabitethernet "0/0/0") #switching-profile sw10

(AnuS2500-48P) (gigabitethernet "0/0/0") #exit

(AnuS2500-48P) (config) #



(AnuS2500-48P) (config) #interface vlan 10

(AnuS2500-48P) (vlan "10") #ospf-profile default              <===Enable OSPF at interface/vlan10


---------------------


(AnuS2500-48P) (config) #vlan 11

(AnuS2500-48P) (VLAN "11") #exit

(AnuS2500-48P) (config) #interface-profile switching-profile sw11

(AnuS2500-48P) (switching profile "sw11") #access-vlan 11

(AnuS2500-48P) (switching profile "sw11") #exit

(AnuS2500-48P) (config) #interface vlan 11

(AnuS2500-48P) (vlan "11") #ip address 11.11.11.10 255.255.255.0

(AnuS2500-48P) (vlan "11") #exit

(AnuS2500-48P) (config) #interface gigabitethernet 0/0/1

(AnuS2500-48P) (gigabitethernet "0/0/1") #switching-profile sw11

(AnuS2500-48P) (gigabitethernet "0/0/1") #exit


(AnuS2500-48P) (config) #router ospf        <== Enable OSPF global, also need to enable at interface

  


 //(AnuS2500-48P) (config) #interface-profile ospf-profile ospf11

 //(AnuS2500-48P) (Interface OSPF profile "ospf11") #area 1.1.1.1


 //(AnuS2500-48P) (config) #interface vlan 11

 //(AnuS2500-48P) (vlan "11") #ospf-profile ospf11




(AnuS2500-48P) (config) #interface vlan 11

(AnuS2500-48P) (vlan "11") #ospf-profile default            <===Enable OSPF at interface/vlan11



(AnuS2500-48P) (config) #interface loopback 0 ip address 6.6.6.6




Configuration alone MAS copy/paste

==================================



configure t

vlan 10

exit

interface-profile switching-profile sw10

access-vlan 10

exit

interface vlan 10

ip address 10.10.10.11 255.255.255.0

exit

interface gigabitethernet 0/0/0

switching-profile sw10

exit

interface vlan 10

ospf-profile default

vlan 11

exit

interface-profile switching-profile sw11

access-vlan 11

exit

interface vlan 11

ip address 11.11.11.10 255.255.255.0

exit

interface gigabitethernet 0/0/1

switching-profile sw11

exit

router ospf

interface vlan 11

ospf-profile default

interface loopback 0 ip address 6.6.6.6

exit

write memory



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


-----------------------------------------------


********************* DEBUG *******************


-----------------------------------------------



(AnuS2500-48T-Stack) #show ip ospf interface


Interface is gre-tunnel10, line protocol is down

Internet Address 192.168.1.1, Mask 255.255.255.0, Area 0.0.0.0

Router ID 10.10.10.10, Network Type POINT_TO_POINT, Cost: 1000

Transmit Delay is 1 sec, State DOWN, Priority 1

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 0

Tx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

Rx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



Interface is loopback0, line protocol is up

Internet Address 5.5.5.5, Mask 255.255.255.255, Area 0.0.0.0

Router ID 10.10.10.10, Network Type LOOPBACK, Cost: 1

Transmit Delay is 1 sec, State LOOP, Priority 1

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 0

Tx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

Rx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



Interface is vlan10, line protocol is up

Internet Address 10.10.10.10, Mask 255.255.255.0, Area 0.0.0.0

Router ID 10.10.10.10, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State BACKUP, Priority 1

Designated Router id 10.10.10.11, Interface Address 10.10.10.11

Backup designated Router id 10.10.10.10, Interface Address 10.10.10.10

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 21 DbDescr 6 LsReq 2 LsUpdate 3 LsAck 3 Pkts 35

Rx Stat: Hellos 20 DbDescr 5 LsReq 2 LsUpdate 3 LsAck 2 Pkts 32

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



(AnuS2500-48T-Stack) # ping 6.6.6.6

Press 'q' to abort.

Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0.667/0.816/1.050 ms



------------------------



(AnuS2500-48P) (config) #show ip ospf interface


Interface is vlan10, line protocol is up

Internet Address 10.10.10.11, Mask 255.255.255.0, Area 0.0.0.0

Router ID 10.10.10.11, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router id 10.10.10.11, Interface Address 10.10.10.11

Backup designated Router id 10.10.10.10, Interface Address 10.10.10.10

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 403 DbDescr 5 LsReq 2 LsUpdate 3 LsAck 2 Pkts 415

Rx Stat: Hellos 17 DbDescr 6 LsReq 2 LsUpdate 3 LsAck 3 Pkts 31

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



Interface is vlan11, line protocol is up

Internet Address 11.11.11.10, Mask 255.255.255.0, Area 0.0.0.0

Router ID 10.10.10.11, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router id 10.10.10.11, Interface Address 11.11.11.10

Backup designated Router id 0.0.0.0, Interface Address 0.0.0.0

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 0

Tx Stat: Hellos 402 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 402

Rx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



Interface is loopback0, line protocol is up

Internet Address 6.6.6.6, Mask 255.255.255.255, Area 0.0.0.0

Router ID 10.10.10.11, Network Type LOOPBACK, Cost: 1

Transmit Delay is 1 sec, State LOOP, Priority 1

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 0

Tx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

Rx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0

         BadCksum 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadMTU 0 BadVirtLink 0



(AnuS2500-48P) # ping 5.5.5.5

Press 'q' to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0.764/0.883/1.093 ms


---------------------------------------------


(Anu3600) #show ip ospf database


OSPF Database Table

-------------------

Area ID   LSA Type  Link ID   Adv Router  Age  Seq#         Checksum

-------   --------  -------   ----------  ---  ----         --------

0.0.0.0   ROUTER    7.7.7.7   7.7.7.7     68   0x80000001   0x3eaf


(Anu3600) #show ip ospf interface


Tunnel 10 is up, line protocol is up

Internet Address 192.168.1.2, Mask 255.255.255.0, Area 0.0.0.0

Router ID 7.7.7.7, Network Type POINT_TO_POINT, Cost: 1

Transmit Delay is 1 sec, State PTPST, Priority 1

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 9 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 9

Rx Stat: Hellos 8 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 8

         DisCd 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadPckType 0 BadVirtLink 0




(Anu3600) #show interface tunnel 10


Tunnel 10 is up line protocol is up

Description: Tunnel Interface

Internet address is 192.168.1.2 255.255.255.0

Source  11.11.11.11

Destination 10.10.10.10

Tunnel mtu is set to 1400

Tunnel is an IP GRE TUNNEL

Tunnel is Untrusted

Inter Tunnel Flooding is enabled

OSPF is enabled on this interface

Tunnel keepalive is enabled

Keepalive type is Default

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 5, Heartbeats lost 4

        Tunnel is down 1 times


(Anu3600) #show ip ospf neighbor


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State  Address       Interface

-----------  ---  -----  -------       ---------

5.5.5.5      0    INIT   192.168.1.1   Tunnel 10          <== this is stuck in INIT because



-----------------


(Anu3600) #show ip interface brief


Interface                   IP Address / IP Netmask        Admin   Protocol

vlan 1                    172.16.0.254 / 255.255.255.0     up      up

vlan 11                    11.11.11.11 / 255.255.255.0     up      up

loopback                       7.7.7.7 / 255.255.255.255   up      up

mgmt                        unassigned / unassigned        down    down

tunnel 10                  192.168.1.2 / 255.255.255.0     up      down


(Anu3600) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(Anu3600) (config) #interface vlan 11

(Anu3600) (config-subif)#ip ospf area 0.0.0.0

(Anu3600) (config-subif)#exit

(Anu3600) (config) #router ospf

(Anu3600) (config) #end

(Anu3600) #show ip ospf interface


Vlan 11 is up, line protocol is up

Internet Address 11.11.11.11, Mask 255.255.255.0, Area 0.0.0.0

Router ID 7.7.7.7, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State BACKUP, Priority 1

Designated Router id 6.6.6.6, Interface Address 11.11.11.10

Backup designated Router id 7.7.7.7, Interface Address 11.11.11.11

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 2 DbDescr 2 LsReq 1 LsUpdate 2 LsAck 1 Pkts 8

Rx Stat: Hellos 2 DbDescr 2 LsReq 1 LsUpdate 2 LsAck 2 Pkts 9

         DisCd 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadPckType 0 BadVirtLink 0




(Anu3600) #write memory

Saving Configuration...


Configuration Saved.


(Anu3600) #show interface tunnel 10


Tunnel 10 is up line protocol is down

Description: Tunnel Interface

Internet address is 192.168.1.2 255.255.255.0

Source  11.11.11.11

Destination 10.10.10.10

Tunnel mtu is set to 1400

Tunnel is an IP GRE TUNNEL

Tunnel is Untrusted

Inter Tunnel Flooding is enabled

OSPF is enabled on this interface

Tunnel keepalive is enabled

Keepalive type is Default

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 1993, Heartbeats lost 1992

        Tunnel is down 2067 times


(Anu3600) #show ip ospf neighbor


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State     Address       Interface

-----------  ---  -----     -------       ---------

6.6.6.6      1    FULL/DR   11.11.11.10   Vlan 11


(Anu3600) #show ip ospf neighbor


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State     Address       Interface

-----------  ---  -----     -------       ---------

6.6.6.6      1    FULL/DR   11.11.11.10   Vlan 11


(Anu3600) #show ip ospf neighbor


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State     Address       Interface

-----------  ---  -----     -------       ---------

5.5.5.5      0    FULL      192.168.1.1   Tunnel 10

6.6.6.6      1    FULL/DR   11.11.11.10   Vlan 11


(Anu3600) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(Anu3600) (config) #

(Anu3600) (config) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(Anu3600) (config) #show interface tunnel 10


Tunnel 10 is up line protocol is up

Description: Tunnel Interface

Internet address is 192.168.1.2 255.255.255.0

Source  11.11.11.11

Destination 10.10.10.10

Tunnel mtu is set to 1400

Tunnel is an IP GRE TUNNEL

Tunnel is Untrusted

Inter Tunnel Flooding is enabled

OSPF is enabled on this interface

Tunnel keepalive is enabled

Keepalive type is Default

Tunnel keepalive interval is 25 seconds, retries 25

        Heartbeats sent 1994, Heartbeats lost 1993

        Tunnel is down 2068 times


(Anu3600) (config) #show ip ospf neighbor


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State     Address       Interface

-----------  ---  -----     -------       ---------

5.5.5.5      0    FULL      192.168.1.1   Tunnel 10

6.6.6.6      1    FULL/DR   11.11.11.10   Vlan 11


(Anu3600) (config) #write memory

Saving Configuration...


Configuration Saved.


(Anu3600) (config) #




(AnuS2500-48T-Stack) #ping 7.7.7.7

Press 'q' to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0.581/1.382/4.172 ms



(Anu3600) (config) #router ospf redistribute loopback

(Anu3600) (config) # show ip ospf  ne


OSPF Neighbor Table

-------------------

Neighbor ID  Pri  State     Address       Interface

-----------  ---  -----     -------       ---------

5.5.5.5      0    FULL      192.168.1.1   Tunnel 10

6.6.6.6      1    FULL/DR   11.11.11.10   Vlan 11


(Anu3600) (config) #show ip ospf interface


Tunnel 10 is up, line protocol is up

Internet Address 192.168.1.2, Mask 255.255.255.0, Area 0.0.0.0

Router ID 7.7.7.7, Network Type POINT_TO_POINT, Cost: 1

Transmit Delay is 1 sec, State PTPST, Priority 1

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 417 DbDescr 8 LsReq 0 LsUpdate 10 LsAck 5 Pkts 440

Rx Stat: Hellos 390 DbDescr 7 LsReq 0 LsUpdate 11 LsAck 3 Pkts 411

         DisCd 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadPckType 0 BadVirtLink 0



Vlan 11 is up, line protocol is up

Internet Address 11.11.11.11, Mask 255.255.255.0, Area 0.0.0.0

Router ID 7.7.7.7, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State BACKUP, Priority 1

Designated Router id 6.6.6.6, Interface Address 11.11.11.10

Backup designated Router id 7.7.7.7, Interface Address 11.11.11.11

Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Neighbor Count is 1

Tx Stat: Hellos 420 DbDescr 2 LsReq 1 LsUpdate 14 LsAck 19 Pkts 456

Rx Stat: Hellos 421 DbDescr 2 LsReq 1 LsUpdate 21 LsAck 9 Pkts 454

         DisCd 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0

         BadAuth 0 BadNeigh 0 BadPckType 0 BadVirtLink 0



(Anu3600) (config) #ping 5.5.5.5

Press 'q' to abort.

Sending 5, 92-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0.718/0.8182/0.941 ms




**********************

Issues:

   - GRE: Unable to ping ip address configured on GRE tunnel

  - GRE:Destination is reachable via default-route even tho

  - GRE:Tunnelnode over L3GRE does not work.

  - GRE:DHCP-relay does not work over GRE tunnel.

  - GRE:DNS resolution does not happen over L3GRE



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%



cost Issue :

===========


Remember: tunnel cost is always higher than physical interface cost


(AnuS2500-48T-Stack) #show ip ospf interface


Interface is gre-tunnel10, line protocol is up

Internet Address 192.168.1.1, Mask 255.255.255.0, Area 0.0.0.0

Router ID 5.5.5.5, Network Type POINT_TO_POINT, Cost: 1000       <==== see tunnel interface cost



Interface is vlan10, line protocol is up

Internet Address 10.10.10.10, Mask 255.255.255.0, Area 0.0.0.0

Router ID 5.5.5.5, Network Type BROADCAST, Cost: 1              <== see cost at physical interface



Interface is loopback0, line protocol is up

Internet Address 5.5.5.5, Mask 255.255.255.255, Area 0.0.0.0

Router ID 5.5.5.5, Network Type LOOPBACK, Cost: 1                <==loopback on corvina



// therefore controller ip 7.7.7.7 is going via physical interface



(AnuS2500-48T-Stack) (config) #show ip route | begin 7

O        7.7.7.7  /32 [3] via 10.10.10.11



// So now increase the cost of OSPF physical interface



(AnuS2500-48T-Stack) (config) #show interface-profile ospf-profile default


Interface OSPF profile "default"

--------------------------------

Parameter            Value

---------            -----

Area                 0.0.0.0

Cost                 1

Dead-interval        40

Hello-interval       10

Retransmit-interval  5

Transmit-delay       1

Priority             1

State                Enabled


(AnuS2500-48T-Stack) (config) #interface-profile ospf-profile default

(AnuS2500-48T-Stack) (Interface OSPF profile "default") #cost 1000

(AnuS2500-48T-Stack) (Interface OSPF profile "default") #exit

(AnuS2500-48T-Stack) (config) #show ip route


Codes: C - connected

       O - OSPF, O(IA) - OSPF inter area

       O(E1) - OSPF external type 1, O(E2) - OSPF external type 2

       O(N1) - OSPF NSSA type 1, O(N2) - OSPF NSSA type 2

       M - mgmt, S - static, * - candidate default

       D - DHCP


C        5.5.5.5  /32 is directly connected: loopback0

O        6.6.6.6  /32 [1001] via 10.10.10.11

O        7.7.7.7  /32 [1001] via 192.168.1.1                   <== see now controller is reachable via tunnel

C        10.10.10.0/24 is directly connected: vlan10

C        10.10.10.10/32 is directly connected: vlan10

O        11.11.11.0/24 [1001] via 10.10.10.11

C        192.168.1.1/32 is directly connected: gre-tunnel10

O        192.168.1.2/32 [1000] via 192.168.1.1


(AnuS2500-48T-Stack) (config) #




Issue: Controller-side tunnel cost shows = 1; this is wrong, therefore the stack is reachable via the tunnel interface

=============


(Anu3600) (config) #show ip ospf interface


Tunnel 10 is up, line protocol is up

Internet Address 192.168.1.2, Mask 255.255.255.0, Area 0.0.0.0

Router ID 7.7.7.7, Network Type POINT_TO_POINT, Cost: 1   


(Anu3600) (config) #show ip route | begin 5

O    5.5.5.5/32 [1001/0] via 192.168.1.1*      <== going via tunnel interface
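The cost arithmetic behind both the stack-side and controller-side route outputs above, as an added example that is not part of the original notes: a small shortest-path calculation over the three routers using the interface costs shown in the transcripts. The graph model and function names are assumptions, and the stack loopback is assumed to inherit the edited "default" profile cost, which is consistent with the [1001/0] metric the controller shows.

```python
import heapq

def spf(links, stubs, root):
    """Shortest-path-first from root.
    links: {router: [(neighbor, outgoing_interface, cost)]}
    stubs: {router: [(prefix, cost)]}
    Returns {prefix: (metric, first_hop_interface)} for remote prefixes."""
    dist, first_hop = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, ifname, cost in links.get(node, []):
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                # Remember which local interface the path leaves through.
                first_hop[nbr] = ifname if node == root else first_hop[node]
                heapq.heappush(heap, (nd, nbr))
    routes = {}
    for router, prefixes in stubs.items():
        if router == root or router not in dist:
            continue
        for prefix, cost in prefixes:
            routes[prefix] = (dist[router] + cost, first_hop[router])
    return routes

def topology(stack_profile_cost):
    """Lab topology from these notes. stack_profile_cost is the cost in the
    stack's OSPF profile "default" (1 before the change, 1000 after)."""
    links = {
        # The stack's GRE tunnel cost is 1000 in both transcripts.
        "stack": [("alone", "vlan10", stack_profile_cost),
                  ("ctrl", "gre-tunnel10", 1000)],
        "alone": [("stack", "vlan10", 1), ("ctrl", "vlan11", 1)],
        # The controller reports cost 1 on its side of the tunnel.
        "ctrl": [("alone", "Vlan 11", 1), ("stack", "Tunnel 10", 1)],
    }
    stubs = {
        # Assumption: loopback0 on the stack uses the same edited profile.
        "stack": [("5.5.5.5/32", stack_profile_cost)],
        "alone": [("6.6.6.6/32", 1)],
        "ctrl": [("7.7.7.7/32", 1)],
    }
    return links, stubs

if __name__ == "__main__":
    for cost in (1, 1000):
        links, stubs = topology(cost)
        print("stack profile cost", cost)
        print("  stack view:", spf(links, stubs, "stack"))
        print("  ctrl view: ", spf(links, stubs, "ctrl"))
```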




 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


---------------------------------------------------

Let us verify one bug on the same setup:


Bug 87608 - GRE:Tunnelnode over L3GRE does not work.

----------------------------------------------------



Setup:

======





         LoopBack     5.5.5.5                          6.6.6.6                      7.7.7.7

        

                   Area 0.0.0.0                               Area 0.0.0.0

        10.10.10.10            10.10.10.11/24      11.11.11.10/24             11.11.11.11

 MAS Stack [0/0/0] ===============[0/0/0]MAS Alone[0/0/1]======================[1/1]Controller

                 VLAN 10          VLAN10                 VLAN11                VLAN11

                  <192.168.1.1/24----------------L3 GRE----------192.168.1.2/24>

               

   ^

   |              VLAN5,VLAN6

   |

   |

Client 1 (Ixia5)  0/0/5 VLAN5 (switching profile sw5) tunneled-node-profile default

Client 2 (Ixia6)  0/0/6 VLAN6 (switching profile sw6) tunneled-node-profile default





Concept:

=======


Tunneled node: on a tunneled-node port, a separate GRE header encapsulates the whole client packet, including its MAC header;

therefore you will not see the client MAC on the port either.




Client 1 and Client 2 are on ports with the tunneled-node profile, so as soon as a packet arrives it is wrapped whole in a

GRE header and sent from the source switch IP (MAS stack) to the configured controller IP.


The whole packet below then becomes the client packet for L3 GRE routing:


       <=== [Tunneled-node L2 header] [ Tunneled-node L3 header] [Tunneled-node GRE header] [ client L2 header + client L3 header + Client data] ===<


 Tunneled-node L3 header: Source-IP: MAS stack switch IP

                            Dest-IP:  Controller IP

     


 At the controller the client packet is opened. The controller does not know the client's destination, so it broadcasts an ARP packet in the same subnet/VLAN

and

uses proxy ARP for a different subnet/VLAN; that packet is again wrapped in GRE and reaches Client 2 unwrapped via the switch.


After ARP resolves, the controller has Client 2's IP in its database, and this way both clients can ping each other.




Remember: in our case there are two GRE headers: one wraps the client packets, and the other belongs to the L3 GRE tunnel used to reach the controller directly.
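
The double encapsulation described above, as an added Python example (not part of the original notes or of the switch software): it builds the nested packet and walks the headers the way an inspection point between switch and controller must before it can see the client frame. Assumed, not from the notes: the client MAC/IP values, 0x6558 as the tunneled-node GRE protocol type, 5.5.5.5 as the switch IP, and 10.10.10.10 > 11.11.11.11 as the L3 GRE tunnel endpoints.

```python
import socket
import struct

GRE_PROTO = 47      # IPv4 protocol number for GRE
ETH_IPV4 = 0x0800
ETH_TEB = 0x6558    # assumption: client frame is carried as bridged Ethernet

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header; checksum left at 0 (not needed for parsing)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def gre(proto, payload):
    """Base 4-byte GRE header with no checksum, key or sequence field."""
    return struct.pack("!HH", 0, proto) + payload

def walk(pkt):
    """Return [(offset, layer, detail)] for each nested IPv4/GRE/Ethernet header."""
    layers, off, etype = [], 0, ETH_IPV4
    while etype in (ETH_IPV4, ETH_TEB):
        need = 20 if etype == ETH_IPV4 else 14
        if len(pkt) - off < need:
            raise ValueError(f"truncated header at offset {off}")
        if etype == ETH_TEB:
            _dst, src, etype = struct.unpack_from("!6s6sH", pkt, off)
            layers.append((off, "eth", src.hex(":")))
            off += 14
            continue
        vihl, proto, src, dst = struct.unpack_from("!B8xB2x4s4s", pkt, off)
        layers.append((off, "ipv4", f"{socket.inet_ntoa(src)}>{socket.inet_ntoa(dst)}"))
        off += (vihl & 0x0F) * 4
        if proto != GRE_PROTO:
            break
        if len(pkt) - off < 4:
            raise ValueError(f"truncated GRE header at offset {off}")
        flags, etype = struct.unpack_from("!HH", pkt, off)
        layers.append((off, "gre", hex(etype)))
        # The C, K and S flag bits (RFC 2784/2890) each add one 4-byte field.
        off += 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return layers

def client_frame_offset(pkt):
    """Bytes of encapsulation in front of the client's own Ethernet header."""
    return next(off for off, layer, _ in walk(pkt) if layer == "eth")

# Constructed sample packet: client MACs and IPs are invented for illustration.
CLIENT = bytes.fromhex("0200000000060200000000050800") + ipv4("172.16.5.10", "172.16.6.10", 1, b"ping")
TUNNELED_NODE = ipv4("5.5.5.5", "7.7.7.7", GRE_PROTO, gre(ETH_TEB, CLIENT))
ON_WIRE = ipv4("10.10.10.10", "11.11.11.11", GRE_PROTO, gre(ETH_IPV4, TUNNELED_NODE))
```

With base headers only, each GRE layer costs 24 bytes (20 IPv4 + 4 GRE), so the client's Ethernet header starts 48 bytes into the routed packet; a filter or capture that matches only the outer addresses never sees the client MAC or IP.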



Configuration:

==============


(AnuS2500-48T-Stack) #configure t

(AnuS2500-48T-Stack) (config) #interface-profile tunneled-node-profile default

(AnuS2500-48T-Stack) (Tunneled Node Server profile "default") #controller-ip 7.7.7.7

(AnuS2500-48T-Stack) (Tunneled Node Server profile "default") #keepalive 10

(AnuS2500-48T-Stack) (Tunneled Node Server profile "default") #mtu 1400




(AnuS2500-48T-Stack) #show interface-profile tunneled-node-profile default


Tunneled Node Server profile "default" (N/A)

--------------------------------------------

Parameter                     Value

---------                     -----

Controller IP Address         7.7.7.7

Backup Controller IP Address  N/A

Keepalive timeout in seconds  10

MTU on path to controller     1400




(AnuS2500-48T-Stack) #configure t

Enter Configuration commands, one per line. End with CNTL/Z


(AnuS2500-48T-Stack) (config) #vlan 5

(AnuS2500-48T-Stack) (VLAN "5") #exit


(AnuS2500-48T-Stack) (config) #vlan 6

(AnuS2500-48T-Stack) (VLAN "6") #exit


(AnuS2500-48T-Stack) (config) #interface-profile switching-profile sw5

(AnuS2500-48T-Stack) (switching profile "sw5") #access-vlan 5

(AnuS2500-48T-Stack) (switching profile "sw5") #exit


(AnuS2500-48T-Stack) (config) #interface-profile switching-profile sw6

(AnuS2500-48T-Stack) (switching profile "sw6") #access-vlan 6

(AnuS2500-48T-Stack) (switching profile "sw6") #exit


(AnuS2500-48T-Stack) (config) #interface gigabitethernet 0/0/5

(AnuS2500-48T-Stack) (gigabitethernet "0/0/5") #switching-profile sw5

(AnuS2500-48T-Stack) (gigabitethernet "0/0/5") #tunneled-node-profile default        <== Enable Tunneled node profile into interface

(AnuS2500-48T-Stack) (gigabitethernet "0/0/5") #exit


(AnuS2500-48T-Stack) (config) #interface gigabitethernet 0/0/6

(AnuS2500-48T-Stack) (gigabitethernet "0/0/6") #switching-profile sw6

(AnuS2500-48T-Stack) (gigabitethernet "0/0/6") #tunneled-node-profile default

(AnuS2500-48T-Stack) (gigabitethernet "0/0/6") #exit




Remember: A tunneled node is always an L2 node; here the VLAN will not get an IP.


(AnuS2500-48T-Stack) (config) #show tunneled-node state


Tunneled Node State

-------------------

IP       MAC                Port     state        vlan  tunnel  inactive-time

--       ---                ----     -----        ----  ------  -------------

7.7.7.7  00:1a:1e:0d:c4:80  GE0/0/5  in-progress  0005  4094    0000

7.7.7.7  00:1a:1e:0d:c4:80  GE0/0/6  in-progress  0006  4093    0000



Remember:


1. The controller should have the same VLAN# as the tunneled node (here, the MAS stack).

2. Ping should be successful from both sides' switch IP  [#show switch ip]

3. Counters should increment for the VLAN interface  [(AnuS2500-48T-Stack) #show interface counters]

4. The tunneled node state should be "complete" (if the controller license is not there,

   the tunneled node state will be in-progress)



 

Copy/Paste this issue:

======================

conf t

interface-profile tunneled-node-profile default

controller-ip 7.7.7.7

keepalive 10

mtu 1400

show interface-profile tunneled-node-profile default

configure t

vlan 5

exit

vlan 6

exit

interface-profile switching-profile sw5

access-vlan 5

exit

interface-profile switching-profile sw6

access-vlan 6

!

interface gigabitethernet 0/0/5

switching-profile sw5

interface gigabitethernet 0/0/6

switching-profile sw6

exit

show tunneled-node state

write me





(AnuS2500-48P-7005) #show tunneled-node state


Tunneled Node State

-------------------

IP       MAC                Port      state     vlan  tunnel  inactive-time

--       ---                ----      -----     ----  ------  -------------

7.7.7.7  00:1a:1e:08:90:c0  GE0/0/46  complete  0001  4094    0002