A good 10 years ago I had this issue with DMVPN on Cisco routers plugged into Charter modems in bridge mode mysteriously dropping ESP. Some were fine, some were terrible. I worked around the issue by sourcing the tunnel from a loopback interface and enabling NAT so the tunnel was NAT-T using udp/4500 instead of ESP. Magically, no more issues. I am surprised to hear this is still an issue. Those sites are all Silverpeak SDWAN now with the same modems and no issues - Silverpeak uses udp/12000.

Andrew

On Mon, May 12, 2025 at 7:54 PM Brendan Carlson via NANOG <[email protected]> wrote:

> Yeah, that's exactly what I have seen in the past. No esp packets coming back, they're dropped incoming when in bridge mode. I have had better luck with a replacement modem sometimes.
>
> --Brendan
>
> On Mon, May 12, 2025, 17:41 Christopher Aloi via NANOG <[email protected]> wrote:
>
> > Thanks Eric and Brendan. Yes, this is specifically related to when we put the rac2v1s in bridge mode and I bind one of the static public IP addresses to my router. If I captured packets on my router I can see GRE packets leaving my router destined for my data center, but I never see any of the return packets I send. They are being lost/dropped on the way back in. I am up to 30 of these now. What I can't grok is why they come in at a rate of ~5 every morning. If anyone has any contacts at Spectrum that might listen, or a workaround, please let me know!
> >
> > On Mon, May 12, 2025 at 4:04 PM Eric C. Miller via NANOG <[email protected]> wrote:
> >
> > > Sorry, no help from here per se, but I used to get into the same situation with AT&T Uverse routers. It seemed to be an issue with the built-in stateful firewall of the DSL router. I was able to get around it by having tunnels to multiple public IPs and rotating their usage with a script on our equipment. The problem seems to self-resolve after a reboot. Very frustrating when you pay for static IPs.
> > >
> > > Good luck!
> > >
> > > Eric
> > > ________________________________
> > > From: Brendan Carlson via NANOG <[email protected]>
> > > Sent: Monday, May 12, 2025 3:20 PM
> > > To: North American Network Operators Group <[email protected]>
> > > Cc: Brendan Carlson <[email protected]>
> > > Subject: Re: Spectrum & GRE
> > >
> > > I've seen the same thing on those same models with them being in bridge mode specifically. They generally have issues with gre and l2tp tunnels.
> > >
> > > On Mon, May 12, 2025 at 12:13 PM Christopher Aloi via NANOG <[email protected]> wrote:
> > >
> > > > Hey All,
> > > >
> > > > Hoping someone can lend a hand here. I have ~1k customers running GRE tunnels back to me for VoIP. Over the last three weeks these tunnels have started to break at a rate of 3-5 per day. We've narrowed it down to customers using specific Spectrum routers (rac2v1s and rac2v2s). I am still able to access the public IP but the tunnel drops and will not come back up. The fix has been to reconfigure as VPN or have the CPE router replaced with a rac2v1k. I have been unable to get anyone to listen to me at Spectrum as these accounts are owned by the customer and I can't prove a systemic issue. I have a list of accounts that have been impacted. Has anyone else encountered this? Any contacts at Spectrum that might listen to me? I am fearing all of these tunnels will go down at some point.
> > > >
> > > > Thanks,
> > > >
> > > > Chris

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/RUAHK5BGTDCLELV6DYGCX3O6AIPUQU3I/
