I am trying to set up GRE between two CentOS 4.5 boxes. I have tried several variations of what's listed below, but none of them work.

box1:
modprobe ip_gre
ip link set gre0 up
ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
ip link set dev gretun up
ip route add 10.2.0.0/16 via 10.253.253.2

box2:
modprobe ip_gre
ip link set gre0 up
ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
ip link set dev gretun up
ip route add 10.1.0.0/16 via 10.253.253.1

tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.

It's as if it's not even trying to bring the tunnel up. I'm a Cisco guy, so I'm lost with my show commands.

The other variations I've tried consist mostly of trying different combinations of on-net (in the same subnet as eth0 and even the same address as eth0) and off-net (various combinations of loopback /24 and /32 addresses in separate 10 space) on the 'ip addr add dev gretun' statements. But the above example is what *should* work on a Cisco, I think. It's been a while.

How do I troubleshoot this? This is all I've got so far:

root@den1tun01:/home/root $ ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
    link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
    link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
    link/gre 0.0.0.0 brd 0.0.0.0
5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
    link/gre 66.1.1.161 peer 66.1.2.161

root@den1tun01:/home/root $ ip tun
gre0: gre/ip remote any local any ttl inherit nopmtudisc
gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20

root@den1tun01:/home/root $ ifconfig
eth0      Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
          inet addr:10.1.2.243 Bcast:10.1.3.255 Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST MTU:8800 Metric:1
          RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:230757 (225.3 KiB) TX bytes:63937 (62.4 KiB)
          Interrupt:169 Memory:f8000000-f8011100

eth0.2    Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
          inet addr:66.1.1.161 Bcast:66.1.1.191 Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST MTU:8800 Metric:1
          RX packets:950 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43860 (42.8 KiB) TX bytes:1200 (1.1 KiB)

gretun    Link encap:UNSPEC HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
          inet addr:10.253.253.1 P-t-P:10.253.253.2 Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MTU:8776 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:756 (756.0 b)

gre0      Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP MTU:1476 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:225 errors:0 dropped:0 overruns:0 frame:0
          TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13271 (12.9 KiB) TX bytes:13271 (12.9 KiB)

I've also tried changing the destination for the route to the near end of the private subnet and tried pinging various things on the tunnel subnet and remote network to create "interesting traffic" to bring the tunnel up but tcpdump still shows nothing.

Then I noticed that ping does show an error count:

[root@den1tun01 ~]# ping 10.253.253.2
PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
From 10.253.253.1 icmp_seq=1 Destination Host Unreachable

--- 10.253.253.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms, pipe 2

I can ping the local end: 10.253.253.1, but the tunnel is still non-functional.

Thanks!
Greg

I'm still stuck on this one and could really use some help. I just finished trying it on an FC3 box too to make sure it wasn't a CentOS-specific issue but there's still no output from tcpdump.

I also spent some time looking over Cisco examples to make sure I wasn't misremembering the concepts. No surprises there.

Does anyone have any ideas or can someone suggest a more appropriate forum for the question?

Thanks!!

Finally, a hint of light:

The first is a tcpdump while pinging the remote end, 66.1.2.161, and it looks normal:

10:12:10.441842 > 00:19:b9:dd:ff:d9 ip 100: IP 66.1.1.161 > 66.1.2.161: icmp 64: echo request seq 1
10:12:10.442344 < 00:01:e8:0f:ee:f8 ip 100: IP 66.1.2.161 > 66.1.1.161: icmp 64: echo reply seq 1

This next is a ping of the remote tunnel end, 10.253.253.2

10:12:18.970786 > 00:19:b9:dd:ff:d9 arp 44: arp who-has 66.1.2.161 tell 66.1.1.161

I am *very* confused by this. Somehow, when I try to send traffic thru the tunnel, it thinks that the remote physical end is directly attached and should ARP for it even tho it is pingable?!?!!? It is definitely not on-net - it is many hops away - but it is reachable via a default route.

Routing table before the tunnel is configured:

[root@den1tun01 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
[root@den1tun01 ~]#

And while it's configured:

[root@den1tun01 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
10.253.253.0    0.0.0.0         255.255.255.0   U         0 0          0 gretun
10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
10.50.0.0       0.0.0.0         255.255.0.0     U         0 0          0 gretun
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2

On Wed, 2007-06-27 at 10:29 -0600, Greg Hartung wrote:
> I am *very* confused by this. Somehow, when I try to send traffic thru the
> tunnel, it thinks that the remote physical end is directly attached and
> should ARP for it even tho it is pingable?!?!!? It is definitely not on-net
> - it is many hops away - but it is reachable via a default route.

Hmmm... interesting. What does "ip ro get 66.1.2.161" say? And for 10.253.253.2?

Regards,

Mark.

I noticed that the private ip is on the same subnet on both sides of the tunnel. When I have done this in the past there were two separate subnets (e.g. 10.253.253.0/24 and 10.253.254.0/24). I have never tried it exactly as you have. I also do not have any more gre tunnels in service. So this is from an old script of mine. Anyway, the syntax and order that I used is:

Box A
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.2.161 local 66.1.1.161 ttl 255
ip addr add 10.253.253.1 dev gre0
ip link set gre0 up
ip route add 10.253.254.0/24 dev gre0

Box B
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.1.161 local 66.1.2.161 ttl 255
ip addr add 10.253.254.1 dev gre0
ip link set gre0 up
ip route add 10.253.253.0/24 dev gre0

Hope this helps,

Greg Hartung
2007-Jul-09 15:06 UTC
Re: GRE tunnel - workaround found, possible bug in the kernel?
The problem appears to be a bug in the kernel. One thing I'd forgotten to mention was that I regularly use VLAN interfaces on all of my machines. The public exit interface on the CentOS boxes was a VLAN tagged interface (eth0.2). But when I did later tests on the Fedora boxes, I just did a test on their native interfaces, which worked.

At first I thought perhaps I was running into an MTU problem, but then I realized I was only sending small ICMP packets to test. And tcpdump isn't seeing any packets exit so I *think* Linux is choking on the double tagging.

If I exchange the addresses, moving the public address to the untagged interface (eth0) and the private address to the tagged interface (eth0.2 for example), GRE works fine since the default route is using the publicly addressed interface and is much happier when it's untagged.

Is this a bug or are 802.1q and GRE tagging just inherently incompatible?

Greg
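
The `ip tun` output in the first post shows gretun bound with `dev eth0`, while the posted ifconfig output has the local endpoint 66.1.1.161 on eth0.2 and the posted routing table reaches 66.1.2.161 through eth0.2; the `dev` option of `ip tunnel` binds the tunnel so that its encapsulated packets are only routed via that device. The script below is an added example, not written by anyone in the thread, that cross-checks those three facts from saved command output. Its function names are illustrative, and the embedded samples are copied or abridged from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): compare a GRE tunnel's "dev" binding
# with (a) the interface that owns its local endpoint address and (b) the
# interface the routing table uses to reach its remote endpoint.

# Tunnel and route lines are copied from the thread; the ifconfig text is
# abridged from the thread (interface header and inet line only).
SAMPLE_TUNNELS='gre0: gre/ip remote any local any ttl inherit nopmtudisc
gretun: gre/ip remote 66.1.2.161 local 66.1.1.161 dev eth0 ttl 20'

SAMPLE_IFCONFIG='eth0      Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
          inet addr:10.1.2.243 Bcast:10.1.3.255 Mask:255.255.254.0
eth0.2    Link encap:Ethernet HWaddr 00:19:B9:DD:FF:D9
          inet addr:66.1.1.161 Bcast:66.1.1.191 Mask:255.255.255.192
gretun    Link encap:UNSPEC HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
          inet addr:10.253.253.1 P-t-P:10.253.253.2 Mask:255.255.255.0'

SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2'

# word_after KEY TEXT: print the word that follows KEY, or nothing.
word_after() {
    printf '%s\n' "$2" | awk -v k="$1" '
        { for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# addr_owner ADDR IFCONFIG_TEXT: print the interface configured with ADDR
# (old net-tools ifconfig layout, as posted in the thread).
addr_owner() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^[A-Za-z0-9]/ { ifname = $1 }
        { for (i = 2; i <= NF; i++)
              if ($(i - 1) == "inet" && $i == ("addr:" want)) { print ifname; exit } }'
}

# route_iface DEST NETSTAT_NR_TEXT: longest-prefix match over "netstat -nr"
# rows, printing the egress interface for DEST.
route_iface() {
    printf '%s\n' "$2" | awk -v dst="$1" '
        function num(ip,   o) { split(ip, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4] }
        BEGIN { d = num(dst); best = -1 }
        NF >= 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            m = num($3); block = 4294967296 - m      # size of the prefix block
            if (d - (d % block) == num($1) && m > best) { best = m; dev = $NF }
        }
        END { if (best >= 0) print dev }'
}

# check_tunnels TUNNELS IFCONFIG ROUTES: one result line per tunnel.
check_tunnels() {
    tunnels=$1 ifcfg=$2 routes=$3
    printf '%s\n' "$tunnels" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=${line%%:*}
        remote_ip=$(word_after remote "$line")
        local_ip=$(word_after local "$line")
        bound=$(word_after dev "$line")
        if [ -z "$local_ip" ] || [ "$local_ip" = any ] || [ "$remote_ip" = any ]; then
            echo "$name SKIP no fixed endpoints"
            continue
        fi
        owner=$(addr_owner "$local_ip" "$ifcfg")
        egress=$(route_iface "$remote_ip" "$routes")
        status=OK
        if [ -n "$bound" ]; then
            # A bound tunnel should sit on the interface that both owns the
            # local endpoint and carries the route to the remote endpoint.
            [ "$bound" = "${owner:-$bound}" ] && [ "$bound" = "${egress:-$bound}" ] || status=MISMATCH
        fi
        [ -n "$owner" ] || status=NOLOCAL
        echo "$name $status dev=${bound:-none} local-on=${owner:-none} route-to-remote=${egress:-none}"
    done
}

check_tunnels "$SAMPLE_TUNNELS" "$SAMPLE_IFCONFIG" "$SAMPLE_ROUTES"
```

On a live host, pass the saved output of `ip tunnel show`, `ifconfig` and `netstat -nr` in place of the three samples.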