[LARTC] GRE tunnel
mark
markdv.lartc at asphyx.net
Wed Jun 27 22:54:04 CEST 2007
On Wed, 2007-06-27 at 10:29 -0600, Greg Hartung wrote:
> Finally, a hint of light:
>
> The first is a tcpdump while pinging the remote end, 66.1.2.161, and it
> looks normal:
>
> 10:12:10.441842 > 00:19:b9:dd:ff:d9 ip 100: IP 66.1.1.161 > 66.1.2.161: icmp 64: echo request seq 1
> 10:12:10.442344 < 00:01:e8:0f:ee:f8 ip 100: IP 66.1.2.161 > 66.1.1.161: icmp 64: echo reply seq 1
>
> This next is a ping of the remote tunnel end, 10.253.253.2
>
> 10:12:18.970786 > 00:19:b9:dd:ff:d9 arp 44: arp who-has 66.1.2.161 tell 66.1.1.161
>
> I am *very* confused by this. Somehow, when I try to send traffic thru the
> tunnel, it thinks that the remote physical end is directly attached and
> should ARP for it even tho it is pingable?!?!!? It is definitely not on-net
> - it is many hops away - but it is reachable via a default route.

Hmmm... interesting. What does "ip ro get 66.1.2.161" say? And for
10.253.253.2?

Regards,
Mark.

> Routing table before the tunnel is configured:
>
> [root@den1tun01 ~]# netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
> 10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
> 10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
> 0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
> [root@den1tun01 ~]#
>
> And while it's configured:
>
> [root@den1tun01 ~]# netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
> 10.253.253.0    0.0.0.0         255.255.255.0   U         0 0          0 gretun
> 10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
> 10.50.0.0       0.0.0.0         255.255.0.0     U         0 0          0 gretun
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
> 10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
> 0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
>
>
>
> On 6/26/07 5:01 PM, "Greg Hartung" <ghartung at photobucket.com> wrote:
>
> >
> > I'm still stuck on this one and could really use some help. I just
> > finished trying it on an FC3 box too to make sure it wasn't CentOS specific
> > issue but there's still no output from tcpdump.
> >
> > I also spent some time looking over Cisco examples to make sure I wasn't
> > misremembering the concepts. No surprises there.
> >
> > Does anyone have any ideas or can someone suggest a more appropriate
> > forum for the question?
> >
> > Thanks!!
> >
> > On 6/21/07 11:52 AM, "Greg Hartung" <ghartung at photobucket.com> wrote:
> >
> >>
> >> I am trying to setup GRE between two CentOS 4.5 boxes. I have tried
> >> several variations of what's listed below, but none of them work.
> >>
> >> box1:
> >> modprobe ip_gre
> >> ip link set gre0 up
> >> ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
> >> ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
> >> ip link set dev gretun up
> >> ip route add 10.2.0.0/16 via 10.253.253.2
> >>
> >> box2:
> >> modprobe ip_gre
> >> ip link set gre0 up
> >> ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
> >> ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
> >> ip link set dev gretun up
> >> ip route add 10.1.0.0/16 via 10.253.253.1
> >>
> >> tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.
> >>
> >> It's as if it's not even trying to bring the tunnel up. I'm a Cisco guy,
> >> so I'm lost with my show commands.
> >>
> >> The other variations I've tried consist mostly of trying different
> >> combinations of on-net (in the same subnet as eth0 and even the same address
> >> as eth0) and off-net (various combinations of loopback /24 and /32 addresses
> >> in separate 10 space) on the 'ip addr add dev gretun' statements. But the
> >> above example is what *should* work on a Cisco, I think. It's been a
> >> while.
> >>
> >> How do I troubleshoot this? This is all I've got so far:
> >>
> >> root@den1tun01:/home/root $ ip link
> >> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> >>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
> >>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
> >> 3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
> >>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
> >> 4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
> >>     link/gre 0.0.0.0 brd 0.0.0.0
> >> 5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
> >>     link/gre 66.1.1.161 peer 66.1.2.161
> >>
> >> root@den1tun01:/home/root $ ip tun
> >> gre0: gre/ip remote any local any ttl inherit nopmtudisc
> >> gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20
> >>
> >> root@den1tun01:/home/root $ ifconfig
> >> eth0      Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
> >>           inet addr:10.1.2.243  Bcast:10.1.3.255  Mask:255.255.254.0
> >>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
> >>           RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:1000
> >>           RX bytes:230757 (225.3 KiB)  TX bytes:63937 (62.4 KiB)
> >>           Interrupt:169 Memory:f8000000-f8011100
> >>
> >> eth0.2    Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
> >>           inet addr:66.1.1.161  Bcast:66.1.1.191  Mask:255.255.255.192
> >>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
> >>           RX packets:950 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:0
> >>           RX bytes:43860 (42.8 KiB)  TX bytes:1200 (1.1 KiB)
> >>
> >> gretun    Link encap:UNSPEC  HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
> >>           inet addr:10.253.253.1  P-t-P:10.253.253.2  Mask:255.255.255.0
> >>           UP POINTOPOINT RUNNING NOARP  MTU:8776  Metric:1
> >>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:0
> >>           RX bytes:0 (0.0 b)  TX bytes:756 (756.0 b)
> >>
> >> gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
> >>           UP RUNNING NOARP  MTU:1476  Metric:1
> >>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:0
> >>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >>
> >> lo        Link encap:Local Loopback
> >>           inet addr:127.0.0.1  Mask:255.0.0.0
> >>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >>           RX packets:225 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:0
> >>           RX bytes:13271 (12.9 KiB)  TX bytes:13271 (12.9 KiB)
> >>
> >>
> >> I've also tried changing the destination for the route to the near end of
> >> the private subnet and tried pinging various things on the tunnel subnet and
> >> remote network to create "interesting traffic" to bring the tunnel up but
> >> tcpdump still shows nothing.
> >>
> >> Then I noticed that ping does show an error count:
> >>
> >> [root@den1tun01 ~]# ping 10.253.253.2
> >> PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
> >> From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
> >> From 10.253.253.1 icmp_seq=1 Destination Host Unreachable
> >>
> >> --- 10.253.253.2 ping statistics ---
> >> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms, pipe 2
> >>
> >> I can ping the local end: 10.253.253.1, but the tunnel is still
> >> non-functional.
> >>
> >> Thanks!
> >> Greg
> >>
> >> _______________________________________________
> >> LARTC mailing list
> >> LARTC at mailman.ds9a.nl
> >> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
More information about the LARTC
mailing list
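
A check for the symptom discussed in this thread (ARP for the remote endpoint when sending into the tunnel), added here as an example and not part of any poster's message: it compares the device each tunnel is bound to with the interface that holds the tunnel's local endpoint address. The tunnel lines are the ones posted above; the `ip -o -4 addr show` lines are constructed from the posted ifconfig output, and treating a binding mismatch as the cause of the ARP is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example (not from the thread): compare each tunnel's bound device
# with the interface that actually holds its local endpoint address.

# `ip tunnel show` lines as posted in the thread.
TUNNELS='gre0: gre/ip remote any local any ttl inherit nopmtudisc
gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20'

# Constructed `ip -o -4 addr show` lines, rebuilt from the posted ifconfig output.
ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.1.2.243/23 brd 10.1.3.255 scope global eth0
3: eth0.2    inet 66.1.1.161/26 brd 66.1.1.191 scope global eth0.2'

# $1 = tunnel listing, $2 = address listing; prints one verdict per tunnel.
check_tunnel_binding() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_tunnels = 1; next }
        !in_tunnels {                 # address line: remember address to interface
            split($4, a, "/"); owner[a[1]] = $2; next
        }
        NF {                          # tunnel line: pull out "local X" and "dev Y"
            name = $1; sub(/:$/, "", name)
            laddr = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "local") laddr = $(i + 1)
                if ($i == "dev")   dev   = $(i + 1)
            }
            if (laddr == "" || laddr == "any") {
                print "SKIP " name ": no fixed local endpoint"
            } else if (!(laddr in owner)) {
                print "UNKNOWN " name ": local " laddr " is not configured on any interface"
            } else if (dev == "") {
                print "OK " name ": unbound, local " laddr " is on " owner[laddr]
            } else if (dev != owner[laddr]) {
                print "MISMATCH " name ": local " laddr " is on " owner[laddr] ", tunnel bound to " dev
            } else {
                print "OK " name ": local " laddr " and bound device are both " dev
            }
        }'
}

check_tunnel_binding "$TUNNELS" "$ADDRS"
```

On a live host the same function can be fed `"$(ip tunnel show)"` and `"$(ip -o -4 addr show)"` in place of the sample variables.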