I am witnessing a weird situation and not sure where else to look. A tunnel has refused to come up between an C2811 and a C1811. I have looked and looked like the whole day! I hate obfuscation, but I have done some. I can avail the obfuscated details privately:-) C1811#sh runn int tunnel 50 Building configuration... Current configuration : 191 bytes ! interface Tunnel50 description Inet test to C2811 ip address 192.168.55.197 255.255.255.252 keepalive 5 2 tunnel source Vlan5 tunnel destination 85.9x.x.23 tunnel key 98745612 end C1811#sh int vlan 5 *Vlan5 is up, line protocol is up* Hardware is EtherSVI, address is 001e.f7d4.8750 (bia 001e.f7d4.8750) Internet address is 41.x.x.1x/30 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:39:52, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 1200 packets output, 72000 bytes, 0 underruns 0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out C1811#sh int tunn 50 *Tunnel50 is up, line protocol is down* Hardware is Tunnel Description: Inet test to TCRB Internet address is 192.168.55.197/30 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive set (5 sec), retries 2 Tunnel source 41.x.x.1x (Vlan5), destination 85.9x.x.23 Tunnel protocol/transport GRE/IP Key 0x272CBD89, sequencing disabled Checksumming of packets disabled Tunnel TTL 255 Fast tunneling enabled Tunnel transmit bandwidth 8000 (kbps) Tunnel receive bandwidth 8000 (kbps) Last input 00:35:35, output 01:40:44, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2349 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 13 packets input, 728 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 63 packets output, 5310 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out On the other side (2811): C2811-Telecity#sh runn int tunn 50 Building configuration... Current configuration : 267 bytes ! interface Tunnel50 description Inet test to C1811 ip address 192.168.55.198 255.255.255.252 ip flow ingress ip flow egress qos pre-classify keepalive 5 2 tunnel source 85.9x.x.23 tunnel destination 41.x.x.1x tunnel key 98745612 end C2811-Telecity#sh int tunn 50 *Tunnel50 is up, line protocol is down* Hardware is Tunnel Description: Inet test to C1811 Internet address is 192.168.55.198/30 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive set (5 sec), retries 2 Tunnel source 85.9x.x.23, destination 41.x.x.1x Tunnel protocol/transport GRE/IP Key 0x272CBD89, sequencing disabled Checksumming of packets disabled Tunnel TTL 255 Fast tunneling enabled Tunnel transmit bandwidth 8000 (kbps) Tunnel receive bandwidth 8000 (kbps) Last input never, output 00:00:02, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1 Queueing strategy: fifo (QOS pre-classification) Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 3365 packets output, 188673 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
@Wash, wacha watu walale! :-)) Ok, to me it seems the problem is with the service providers as your config is pretty straight forward. There is a work around on this, pls google command : ip tcp adjust-mss 1436 and you may find the answer. HTHs. Rgds.
On Mon, Dec 6, 2010 at 7:35 PM, aki <aki275@gmail.com> wrote:
@Wash, wacha watu walale! :-))
Ok, to me it seems the problem is with the service providers as your config is pretty straight forward. There is a work around on this, pls google command : ip tcp adjust-mss 1436 and you may find the answer. HTHs.
@Aki, It did not solve it still. Maybe provider has done something that is fscking this:-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
@Wash, a couple things you can try. Firstly I hope you set the command below on both routers, it cannot work on one side alone. Remove the routers and physically connect the 2 routers wan ports ( use cat6 and may need a cross-over cable ) and test the setup. This way, you know the 1500bytes window is guaranteed and no service provider inbetween. It could be that one of your site is on wimax and the other on fiber thus creating issues for gre. On GRE, think it is 23 or 26bytes. Also do away with GRE and try out ipsec and see if that brings the tunnels up. A guide to ipsec : http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080... HTHs. :-) On Mon, Dec 6, 2010 at 11:48 PM, Odhiambo Washington <odhiambo@gmail.com>wrote:
On Mon, Dec 6, 2010 at 7:35 PM, aki <aki275@gmail.com> wrote:
@Wash, wacha watu walale! :-))
Ok, to me it seems the problem is with the service providers as your config is pretty straight forward. There is a work around on this, pls google command : ip tcp adjust-mss 1436 and you may find the answer. HTHs.
@Aki,
It did not solve it still.
Maybe provider has done something that is fscking this:-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Tue, Dec 7, 2010 at 7:29 AM, aki <aki275@gmail.com> wrote:
@Wash, a couple things you can try. Firstly I hope you set the command below on both routers, it cannot work on one side alone.
I set the command on both sides, yes.
Remove the routers and physically connect the 2 routers wan ports ( use cat6 and may need a cross-over cable ) and test the setup.
One router is in Nairobi. The other one is in the UK ;-)
This way, you know the 1500bytes window is guaranteed and no service provider inbetween.
I am going to start blaming the service provider for this, I tell you.
It could be that one of your site is on wimax and the other on fiber thus creating issues for gre.
That is very true. Nairobi site is on WiMAX while the UK site is on fiber.
On GRE, think it is 23 or 26bytes. Also do away with GRE and try out ipsec and see if that brings the tunnels up. A guide to ipsec : http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080...
HTHs. :-)
Wacha I read that and see where I end, before I blame it all on the wimax provider ... -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
On 6 December 2010 18:27, Odhiambo Washington <odhiambo@gmail.com> wrote:
I am witnessing a weird situation and not sure where else to look. A tunnel has refused to come up between an C2811 and a C1811. I have looked and looked like the whole day! I hate obfuscation, but I have done some. I can avail the obfuscated details privately:-)
C1811#sh runn int tunnel 50 Building configuration...
Current configuration : 191 bytes ! interface Tunnel50 description Inet test to C2811 ip address 192.168.55.197 255.255.255.252 keepalive 5 2 tunnel source Vlan5 tunnel destination 85.9x.x.23 tunnel key 98745612 end
Its usually best practice to start with basic configs when things dont work. Try removing the keepalive as well as the tunnel key settings on both sides of the tunnel. U might also want to do a debug on the router to see what errors you get when the tunnel is trying to bring itself up. debug interface tunnel50 -- *./ TJ*
participants (3)
-
aki -
Odhiambo Washington -
TJ