Using the following topology:
In this lab I’m going to configure GRE tunnel between R5 to
R1-R2 HSRP VIP for redundancy purposes, if R1, which is the active router, fails
R2 will establish the tunnel with R5.
Also I will use OSPF as a dynamic routing protocol between
R1-R2-R5.
First let’s start with the FHRP configuration, here is the relevant
configuration of R1:
|
interface FastEthernet0/0
ip address 10.1.123.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.124.1 255.255.255.0
standby version 2
standby 1 ip 10.1.124.254
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
|
And R2:
|
interface FastEthernet0/0
ip address 10.1.123.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.124.2 255.255.255.0
standby version 2
standby 1 ip 10.1.124.254
standby 1 priority 110
standby 1 preempt
duplex auto
speed auto
|
A GRE tunnel is configured between R1 and R2 to R5, here is R1
configuration:
|
interface Tunnel1
ip address 172.16.0.1 255.255.255.0
ip mtu 1476
ip ospf network point-to-multipoint
ip ospf dead-interval 6
ip ospf hello-interval 2
keepalive 2 4
tunnel source 10.1.124.254
tunnel destination 10.1.45.5
tunnel path-mtu-discovery
|
And R2:
|
interface Tunnel1
ip address 172.16.0.2 255.255.255.0
ip mtu 1476
ip ospf network point-to-multipoint
ip ospf dead-interval 6
ip ospf hello-interval 2
keepalive 2 4
tunnel source 10.1.124.254
tunnel destination 10.1.45.5
tunnel path-mtu-discovery
|
Note that both routers are using the HSRP VIP as tunnel source
for the GRE tunnel.
R5 configuration:
|
interface Tunnel1
ip address 172.16.0.5 255.255.255.0
ip mtu 1476
ip ospf network point-to-multipoint
ip ospf dead-interval 6
ip ospf hello-interval 2
keepalive 2 4
tunnel source FastEthernet0/1
tunnel destination 10.1.124.254
tunnel path-mtu-discovery
|
Tunnel destination on R5 is pointing R1-R2 HSRP VIP.
Now few more notes regarding the tunnels configuration,
first all tunnel interfaces are using 1476 bytes as the correct MTU value
(1500-24 (GRE+IP)), then I have configured keepalive for tunnel failure
detection, I also changed OSPF hello and dead-interval values for fast re-convergence.
Now let’s configure the routing protocol - OSPF is
configured on the tunnel interfaces using point-to-multipoint network mode, R5
advertise network 192.168.51.0/24 while R3 advertise network 192.168.31.0/24,
this is the OSPF configuration:
R1:
|
router ospf 1
router-id 1.1.1.1
network 10.1.123.1 0.0.0.0 area 0
network 172.16.0.1 0.0.0.0 area 0
|
R2:
|
router ospf 1
router-id 2.2.2.2
network 10.1.123.2 0.0.0.0 area 0
network 172.16.0.2 0.0.0.0 area 0
|
R3:
|
router ospf 1
router-id 3.3.3.3
network 10.1.123.3 0.0.0.0 area 0
network 192.168.31.1 0.0.0.0 area 0
|
R5:
|
router ospf 1
router-id 5.5.5.5
network 192.168.51.1 0.0.0.0 area 0
network 172.16.0.5 0.0.0.0 area 0
|
R5 establish OSPF adjacency with R1 but not with R2 due to
tunnel keepalive which prevents R2 to respond to the keepalive hellos:
|
R5#show ip
ospf neighbor
Neighbor
ID Pri State Dead Time Address Interface
1.1.1.1 0
FULL/ - 00:00:04 172.16.0.1 Tunnel1
|
R1 establish adjacency with R5 through the tunnel interface
and with R2 and R3 through the internal network:
|
R1#show ip
ospf neighbor
Neighbor
ID Pri State Dead Time Address Interface
5.5.5.5 0
FULL/ - 00:00:05 172.16.0.5 Tunnel1
2.2.2.2 1
FULL/DROTHER 00:00:39 10.1.123.2 FastEthernet0/0
192.168.31.1
1
FULL/DR 00:00:39 10.1.123.3 FastEthernet0/0
|
Now let’s start continues ping from R5 loopback 1 to R3
loopback 1 while disconnecting R1 Fa0/1 in the middle:
|
R5#ping
192.168.31.1 source lo1 repeat 1000
Type escape
sequence to abort.
Sending
1000, 100-byte ICMP Echos to 192.168.31.1, timeout is 2 seconds:
Packet sent
with a source address of 192.168.51.1
!!!!!!!!!!!!!!!!!!!!!!!!!!...
*Dec 3 12:28:57.311: %OSPF-5-ADJCHG: Process 1,
Nbr 1.1.1.1 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired..
*Dec 3 12:29:00.355: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Tunnel1, changed state to down...
*Dec 3 12:29:06.371: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Tunnel1, changed state to up
*Dec 3 12:29:07.143: %OSPF-5-ADJCHG: Process 1,
Nbr 2.2.2.2 on Tunnel1 from LOADING to FULL, Loading
Done........!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!.
Success rate
is 80 percent (68/85), round-trip min/avg/max = 88/200/368 ms
|
As we can see R5 has lost some packets but then re-establish
OSPF adjacency with R2 and continue to ping R3 loopback 1. We can fine tune
HSRP and OSPF timers to sub-second and to make the switchover much quicker.
