RE: GRE Tunnel Recursive Routing Error [7:74035]
You're getting a race condition because you're injecting the tunnel's ip address into your control plane routing. Your tunnel protocol is using your routing to transfer payload from one end to another. However when you use the ip address of the tunnel and injecting it into your routing protocol, your router will now think that the best way to get from tunnel endpoint A to endpoint B is to send all packets control packets included into endpoint A, this will be 1 hop away. This will cause recursiving routing. To fix this, remove the tunnel network address from your EIGRP routing process. As a rule of thumb for implementing any GRE tunnel and putting an ip address on them, NEVER ADVERTISE YOUR TUNNEL ADDRESS INTO ANY ROUTING PROTOCOL THAT YOUR ROUTER IS USING TO TALK TO EACH OTHER. Hope this helps. -Doan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74208t=74035 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: GRE Tunnel Recursive Routing Error [7:74035]
I would think security point of view...there would be better solutions...however...this is just a lab scenario. Thanks so much for your help though. I see the problem now and changed the static route to point to tunnel destination. Thanks! Dain Zsombor Papp wrote in message news:[EMAIL PROTECTED] r1 (bb2) learns the route to the destination of the GRE tunnel, 150.50.22.2, via that same GRE tunnel. Add a static route like this to r1's configuration: ip route 150.50.22.2 255.255.255.255 Ethernet0 As a side note, is this (GRE tunnel through the PIX) a good design from the security point of view? Thanks, Zsombor Dain Deutschman wrote: Hi all, I'm getting a recursive routing error when trying to tunnel with gre. r1-pix-r2 The error follows along with my configs and route tables. Thanks! 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down bb2# 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g bb2#wr t Building configuration... Current configuration : 913 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname bb2 ! ! ! ! ! ! ip subnet-zero ip domain-name hellocomputers.com ip name-server 4.1.1.1 ! ! ! ! ! ! interface Loopback0 ip address 112.112.112.112 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.112 255.255.255.0 tunnel source 10.10.112.112 tunnel destination 150.50.22.2 ! interface Ethernet0 ip address 10.10.112.112 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! interface BRI0 no ip address shutdown isdn x25 static-tei 0 ! router eigrp 100 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 10.10.112.12 ip route 172.16.22.2 255.255.255.255 Ethernet0 ip http server ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! end bb2# r2#wr t Building configuration... Current configuration : 2557 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname r2 ! logging buffered 4096 debugging ! username all memory-size iomem 10 ip subnet-zero ! ! ip domain name hellocomputers.com ip name-server 4.1.1.1 ! ip audit notify log ip audit po max-events 100 ! ! ! key chain keyr2 key 1 key-string 7 151A0E000825 ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.2 255.255.255.0 tunnel source 150.50.22.2 tunnel destination 150.50.22.112 ! interface FastEthernet0/0 ip address 150.50.22.2 255.255.255.0 ip rip authentication mode md5 ip rip authentication key-chain keyr2 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0/0.21 point-to-point ip address 150.50.12.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 04530E0A032E ip ospf network point-to-point frame-relay interface-dlci 121 ! interface Serial0/0.23 point-to-point ip address 150.50.23.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 130D121E0703 frame-relay interface-dlci 123 ! interface Serial0/0.24 point-to-point ip address 150.50.24.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 011B03085704 frame-relay interface-dlci 124 ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! router eigrp 100 network 150.50.0.0 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! router ospf 100 router-id 22.22.22.22 log-adjacency-changes area 1 virtual-link 11.11.11.11 network 22.22.22.0 0.0.0.255 area 1 network 150.50.12.0 0.0.0.255 area 1 network 150.50.23.0 0.0.0.255 area 2 network 150.50.24.0 0.0.0.255 area 1 ! router rip version 2 passive-interface Serial0/0.21 passive-interface Serial0/0.23 passive-interface Serial0/0.24 network 150.50.0.0
RE: GRE Tunnel Recursive Routing Error [7:74035]
r1 (bb2) learns the route to the destination of the GRE tunnel, 150.50.22.2, via that same GRE tunnel. Add a static route like this to r1's configuration: ip route 150.50.22.2 255.255.255.255 Ethernet0 As a side note, is this (GRE tunnel through the PIX) a good design from the security point of view? Thanks, Zsombor Dain Deutschman wrote: Hi all, I'm getting a recursive routing error when trying to tunnel with gre. r1-pix-r2 The error follows along with my configs and route tables. Thanks! 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down bb2# 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g bb2#wr t Building configuration... Current configuration : 913 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname bb2 ! ! ! ! ! ! ip subnet-zero ip domain-name hellocomputers.com ip name-server 4.1.1.1 ! ! ! ! ! ! interface Loopback0 ip address 112.112.112.112 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.112 255.255.255.0 tunnel source 10.10.112.112 tunnel destination 150.50.22.2 ! interface Ethernet0 ip address 10.10.112.112 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! interface BRI0 no ip address shutdown isdn x25 static-tei 0 ! router eigrp 100 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 10.10.112.12 ip route 172.16.22.2 255.255.255.255 Ethernet0 ip http server ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! end bb2# r2#wr t Building configuration... Current configuration : 2557 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname r2 ! logging buffered 4096 debugging ! username all memory-size iomem 10 ip subnet-zero ! ! ip domain name hellocomputers.com ip name-server 4.1.1.1 ! ip audit notify log ip audit po max-events 100 ! ! ! key chain keyr2 key 1 key-string 7 151A0E000825 ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.2 255.255.255.0 tunnel source 150.50.22.2 tunnel destination 150.50.22.112 ! interface FastEthernet0/0 ip address 150.50.22.2 255.255.255.0 ip rip authentication mode md5 ip rip authentication key-chain keyr2 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0/0.21 point-to-point ip address 150.50.12.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 04530E0A032E ip ospf network point-to-point frame-relay interface-dlci 121 ! interface Serial0/0.23 point-to-point ip address 150.50.23.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 130D121E0703 frame-relay interface-dlci 123 ! interface Serial0/0.24 point-to-point ip address 150.50.24.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 011B03085704 frame-relay interface-dlci 124 ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! router eigrp 100 network 150.50.0.0 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! router ospf 100 router-id 22.22.22.22 log-adjacency-changes area 1 virtual-link 11.11.11.11 network 22.22.22.0 0.0.0.255 area 1 network 150.50.12.0 0.0.0.255 area 1 network 150.50.23.0 0.0.0.255 area 2 network 150.50.24.0 0.0.0.255 area 1 ! router rip version 2 passive-interface Serial0/0.21 passive-interface Serial0/0.23 passive-interface Serial0/0.24 network 150.50.0.0 neighbor 150.50.22.12 no auto-summary ! ip classless ip route 172.16.22.112 255.255.255.255 FastEthernet0/0 ip http server ip pim bidir-enable ! ! access-list 2 permit 112.112.112.112 access-list 2 permit 150.50.22.2 ! call rsvp-sync ! voice-port 1/0/0 ! voice-port 1/0/1 ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! ! end r2#sh ip route Gateway of last resort is 150.50.22.12 to network 0.0.0.0
RE: GRE Tunnel Recursive Routing Error [7:74035]
On r2 use a Loopback interface to terminate the tunnel Aurelian Georgescu -Original Message- From: Dain Deutschman [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2003 12:11 AM To: [EMAIL PROTECTED] Subject: GRE Tunnel Recursive Routing Error [7:74035] Hi all, I'm getting a recursive routing error when trying to tunnel with gre. r1-pix-r2 The error follows along with my configs and route tables. Thanks! 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down bb2# 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g bb2#wr t Building configuration... Current configuration : 913 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname bb2 ! ! ! ! ! ! ip subnet-zero ip domain-name hellocomputers.com ip name-server 4.1.1.1 ! ! ! ! ! ! interface Loopback0 ip address 112.112.112.112 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.112 255.255.255.0 tunnel source 10.10.112.112 tunnel destination 150.50.22.2 ! interface Ethernet0 ip address 10.10.112.112 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! interface BRI0 no ip address shutdown isdn x25 static-tei 0 ! router eigrp 100 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 10.10.112.12 ip route 172.16.22.2 255.255.255.255 Ethernet0 ip http server ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! end bb2# r2#wr t Building configuration... Current configuration : 2557 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname r2 ! logging buffered 4096 debugging ! username all memory-size iomem 10 ip subnet-zero ! ! ip domain name hellocomputers.com ip name-server 4.1.1.1 ! ip audit notify log ip audit po max-events 100 ! ! ! key chain keyr2 key 1 key-string 7 151A0E000825 ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.2 255.255.255.0 tunnel source 150.50.22.2 tunnel destination 150.50.22.112 ! interface FastEthernet0/0 ip address 150.50.22.2 255.255.255.0 ip rip authentication mode md5 ip rip authentication key-chain keyr2 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0/0.21 point-to-point ip address 150.50.12.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 04530E0A032E ip ospf network point-to-point frame-relay interface-dlci 121 ! interface Serial0/0.23 point-to-point ip address 150.50.23.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 130D121E0703 frame-relay interface-dlci 123 ! interface Serial0/0.24 point-to-point ip address 150.50.24.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 011B03085704 frame-relay interface-dlci 124 ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! router eigrp 100 network 150.50.0.0 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! router ospf 100 router-id 22.22.22.22 log-adjacency-changes area 1 virtual-link 11.11.11.11 network 22.22.22.0 0.0.0.255 area 1 network 150.50.12.0 0.0.0.255 area 1 network 150.50.23.0 0.0.0.255 area 2 network 150.50.24.0 0.0.0.255 area 1 ! router rip version 2 passive-interface Serial0/0.21 passive-interface Serial0/0.23 passive-interface Serial0/0.24 network 150.50.0.0 neighbor 150.50.22.12 no auto-summary ! ip classless ip route 172.16.22.112 255.255.255.255 FastEthernet0/0 ip http server ip pim bidir-enable ! ! access-list 2 permit 112.112.112.112 access-list 2 permit 150.50.22.2 ! call rsvp-sync ! voice-port 1/0/0 ! voice-port 1/0/1 ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! ! end r2#sh ip route Gateway of last resort is 150.50.22.12 to network 0.0.0.0 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.22.0/24 is directly connected, Tunnel0 S 172.16.22.112/32 is directly connected, FastEthernet0/0 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 150.50.0.0/24 is subnetted, 1 subnets C 150.50.22.0 is directly
GRE Tunnel Recursive Routing Error [7:74035]
Hi all, I'm getting a recursive routing error when trying to tunnel with gre. r1-pix-r2 The error follows along with my configs and route tables. Thanks! 00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down bb2# 00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g 00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down 00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up 00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routin g bb2#wr t Building configuration... Current configuration : 913 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname bb2 ! ! ! ! ! ! ip subnet-zero ip domain-name hellocomputers.com ip name-server 4.1.1.1 ! ! ! ! ! ! interface Loopback0 ip address 112.112.112.112 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.112 255.255.255.0 tunnel source 10.10.112.112 tunnel destination 150.50.22.2 ! interface Ethernet0 ip address 10.10.112.112 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! interface BRI0 no ip address shutdown isdn x25 static-tei 0 ! router eigrp 100 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 10.10.112.12 ip route 172.16.22.2 255.255.255.255 Ethernet0 ip http server ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! end bb2# r2#wr t Building configuration... Current configuration : 2557 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname r2 ! logging buffered 4096 debugging ! username all memory-size iomem 10 ip subnet-zero ! ! ip domain name hellocomputers.com ip name-server 4.1.1.1 ! ip audit notify log ip audit po max-events 100 ! ! ! key chain keyr2 key 1 key-string 7 151A0E000825 ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 ! interface Tunnel0 ip address 172.16.22.2 255.255.255.0 tunnel source 150.50.22.2 tunnel destination 150.50.22.112 ! interface FastEthernet0/0 ip address 150.50.22.2 255.255.255.0 ip rip authentication mode md5 ip rip authentication key-chain keyr2 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0/0.21 point-to-point ip address 150.50.12.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 04530E0A032E ip ospf network point-to-point frame-relay interface-dlci 121 ! interface Serial0/0.23 point-to-point ip address 150.50.23.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 130D121E0703 frame-relay interface-dlci 123 ! interface Serial0/0.24 point-to-point ip address 150.50.24.2 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 011B03085704 frame-relay interface-dlci 124 ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! router eigrp 100 network 150.50.0.0 network 172.16.0.0 no auto-summary no eigrp log-neighbor-changes ! router ospf 100 router-id 22.22.22.22 log-adjacency-changes area 1 virtual-link 11.11.11.11 network 22.22.22.0 0.0.0.255 area 1 network 150.50.12.0 0.0.0.255 area 1 network 150.50.23.0 0.0.0.255 area 2 network 150.50.24.0 0.0.0.255 area 1 ! router rip version 2 passive-interface Serial0/0.21 passive-interface Serial0/0.23 passive-interface Serial0/0.24 network 150.50.0.0 neighbor 150.50.22.12 no auto-summary ! ip classless ip route 172.16.22.112 255.255.255.255 FastEthernet0/0 ip http server ip pim bidir-enable ! ! access-list 2 permit 112.112.112.112 access-list 2 permit 150.50.22.2 ! call rsvp-sync ! voice-port 1/0/0 ! voice-port 1/0/1 ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! alias exec c config t ! line con 0 line aux 0 line vty 0 4 login ! ! end r2#sh ip route Gateway of last resort is 150.50.22.12 to network 0.0.0.0 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.22.0/24 is directly connected, Tunnel0 S 172.16.22.112/32 is directly connected, FastEthernet0/0 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 150.50.0.0/24 is subnetted, 1 subnets C 150.50.22.0 is directly connected, FastEthernet0/0 R* 0.0.0.0/0 [120/1] via 150.50.22.12, 00:00:03, FastEthernet0/0 r2# r2# ts129 [Resuming connection 9 to bb2 ... ] 00:5 bb2#sh ip route Gateway of last resort is 10.10.112.12 to network 0.0.0.0 172.16.0.0/32 is subnetted, 1 subnets S
