* [LARTC] GRE tunnel
@ 2007-06-21 17:52 Greg Hartung
  2007-06-26 23:01 ` Greg Hartung
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Greg Hartung @ 2007-06-21 17:52 UTC (permalink / raw)
  To: lartc


  I am trying to set up GRE between two CentOS 4.5 boxes.  I have tried
several variations of what's listed below, but none of them work.

box1:
modprobe ip_gre
ip link set gre0 up
ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
ip link set dev gretun up
ip route add 10.2.0.0/16 via 10.253.253.2

box2:
modprobe ip_gre
ip link set gre0 up
ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
ip link set dev gretun up
ip route add 10.1.0.0/16 via 10.253.253.1

tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.

  It's as if it's not even trying to bring the tunnel up.  I'm a Cisco guy,
so I'm lost with my show commands.

  The other variations I've tried consist mostly of trying different
combinations of on-net (in the same subnet as eth0 and even the same address
as eth0) and off-net (various combinations of loopback /24 and /32 addresses
in separate 10 space) on the 'ip addr add dev gretun' statements.  But the
above example is what *should* work on a Cisco, I think.  It's been a
while.

How do I troubleshoot this?  This is all I've got so far:

root@den1tun01:/home/root $ ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
    link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
    link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
    link/gre 0.0.0.0 brd 0.0.0.0
5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
    link/gre 66.1.1.161 peer 66.1.2.161

root@den1tun01:/home/root $ ip tun
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
gretun: gre/ip  remote 66.1.2.161  local 66.1.1.161  dev eth0  ttl 20

root@den1tun01:/home/root $ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
          inet addr:10.1.2.243  Bcast:10.1.3.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
          RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:230757 (225.3 KiB)  TX bytes:63937 (62.4 KiB)
          Interrupt:169 Memory:f8000000-f8011100

eth0.2    Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
          inet addr:66.1.1.161  Bcast:66.1.1.191  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
          RX packets:950 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43860 (42.8 KiB)  TX bytes:1200 (1.1 KiB)

gretun    Link encap:UNSPEC  HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
          inet addr:10.253.253.1  P-t-P:10.253.253.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:8776  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:756 (756.0 b)

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:225 errors:0 dropped:0 overruns:0 frame:0
          TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13271 (12.9 KiB)  TX bytes:13271 (12.9 KiB)


I've also tried changing the destination for the route to the near end of
the private subnet and tried pinging various things on the tunnel subnet and
remote network to create "interesting traffic" to bring the tunnel up but
tcpdump still shows nothing.

Then I noticed that ping does show an error count:

[root@den1tun01 ~]# ping 10.253.253.2
PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
From 10.253.253.1 icmp_seq=1 Destination Host Unreachable

--- 10.253.253.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms
, pipe 2

   I can ping the local end: 10.253.253.1, but the tunnel is still
non-functional.

Thanks!
Greg

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
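
Added example, not part of the original message or the thread: a shell check that compares the two outputs posted above, the `dev` each tunnel is bound to (from `ip tun`) against the interface that carries its `local` address. The `ip -o -4 addr show` lines are constructed from the posted ifconfig output and the function names are this example's own; the thread does not confirm the flagged binding as the cause.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a tunnel's "dev" binding is
# the interface that actually carries the tunnel's local address.

# Copied from the `ip tun` output in the message above.
SAMPLE_TUNNELS='gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
gretun: gre/ip  remote 66.1.2.161  local 66.1.1.161  dev eth0  ttl 20'

# Constructed: `ip -o -4 addr show` style lines for the addresses listed in the
# posted ifconfig output (the message itself only shows ifconfig).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.1.2.243/23 brd 10.1.3.255 scope global eth0
3: eth0.2    inet 66.1.1.161/26 brd 66.1.1.191 scope global eth0.2
5: gretun    inet 10.253.253.1 peer 10.253.253.2/24 scope global gretun'

# owner_of ADDR ADDRS_TEXT
# Print the name of the interface that has ADDR configured (nothing if none).
owner_of() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == ip) { print $2; exit } }'
}

# check_tunnel_bindings TUNNELS_TEXT ADDRS_TEXT
# Print one verdict line per tunnel: NAME OK|MISMATCH|SKIP details
check_tunnel_bindings() {
    addrs=$2
    printf '%s\n' "$1" | while read -r name rest; do
        [ -n "$name" ] || continue
        name=${name%:}
        local_ip=
        dev=
        # Walk the "keyword value" pairs of the tunnel line.
        set -- $rest
        while [ $# -gt 1 ]; do
            case $1 in
                local) local_ip=$2 ;;
                dev)   dev=$2 ;;
            esac
            shift
        done
        if [ -z "$local_ip" ] || [ "$local_ip" = "any" ]; then
            echo "$name SKIP no fixed local address"
            continue
        fi
        if [ -z "$dev" ]; then
            # No dev binding: the kernel picks the egress by normal routing.
            echo "$name OK local=$local_ip dev=unbound"
            continue
        fi
        owner=$(owner_of "$local_ip" "$addrs")
        if [ "$owner" = "$dev" ]; then
            echo "$name OK local=$local_ip dev=$dev owner=$owner"
        else
            echo "$name MISMATCH local=$local_ip dev=$dev owner=${owner:-none}"
        fi
    done
}

# Offline run on the sample data. On a live host, run instead:
#   check_tunnel_bindings "$(ip tunnel show)" "$(ip -o -4 addr show)"
check_tunnel_bindings "$SAMPLE_TUNNELS" "$SAMPLE_ADDRS"
```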


* Re: [LARTC] GRE tunnel
  2007-06-21 17:52 [LARTC] GRE tunnel Greg Hartung
@ 2007-06-26 23:01 ` Greg Hartung
  2007-06-27 16:29 ` Greg Hartung
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Greg Hartung @ 2007-06-26 23:01 UTC (permalink / raw)
  To: lartc


   I'm still stuck on this one and could really use some help.  I just
finished trying it on an FC3 box too to make sure it wasn't a CentOS-specific
issue but there's still no output from tcpdump.

   I also spent some time looking over Cisco examples to make sure I wasn't
misremembering the concepts.  No surprises there.

   Does anyone have any ideas or can someone suggest a more appropriate
forum for the question?

Thanks!!


* Re: [LARTC] GRE tunnel
  2007-06-21 17:52 [LARTC] GRE tunnel Greg Hartung
  2007-06-26 23:01 ` Greg Hartung
@ 2007-06-27 16:29 ` Greg Hartung
  2007-06-27 20:54 ` mark
  2007-06-27 23:23 ` Gustin Johnson
  3 siblings, 0 replies; 5+ messages in thread
From: Greg Hartung @ 2007-06-27 16:29 UTC (permalink / raw)
  To: lartc

Finally, a hint of light:

The first is a tcpdump while pinging the remote end, 66.1.2.161, and it
looks normal:

10:12:10.441842 > 00:19:b9:dd:ff:d9 ip 100: IP 66.1.1.161 > 66.1.2.161: icmp 64: echo request seq 1
10:12:10.442344 < 00:01:e8:0f:ee:f8 ip 100: IP 66.1.2.161 > 66.1.1.161: icmp 64: echo reply seq 1

This next is a ping of the remote tunnel end, 10.253.253.2

10:12:18.970786 > 00:19:b9:dd:ff:d9 arp 44: arp who-has 66.1.2.161 tell 66.1.1.161

I am *very* confused by this.  Somehow, when I try to send traffic thru the
tunnel, it thinks that the remote physical end is directly attached and
should ARP for it even tho it is pingable?!?!!?  It is definitely not on-net
- it is many hops away - but it is reachable via a default route.

Routing table before the tunnel is configured:

[root@den1tun01 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
[root@den1tun01 ~]#

And while it's configured:

[root@den1tun01 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
10.253.253.0    0.0.0.0         255.255.255.0   U         0 0          0 gretun
10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
10.50.0.0       0.0.0.0         255.255.0.0     U         0 0          0 gretun
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2




* Re: [LARTC] GRE tunnel
  2007-06-21 17:52 [LARTC] GRE tunnel Greg Hartung
  2007-06-26 23:01 ` Greg Hartung
  2007-06-27 16:29 ` Greg Hartung
@ 2007-06-27 20:54 ` mark
  2007-06-27 23:23 ` Gustin Johnson
  3 siblings, 0 replies; 5+ messages in thread
From: mark @ 2007-06-27 20:54 UTC (permalink / raw)
  To: lartc

On Wed, 2007-06-27 at 10:29 -0600, Greg Hartung wrote:
> Finally, a hint of light:
> 
> The first is a tcpdump while pinging the remote end, 66.1.2.161, and it
> looks normal:
> 
> 10:12:10.441842 > 00:19:b9:dd:ff:d9 ip 100: IP 66.1.1.161 > 66.1.2.161: icmp 64: echo request seq 1
> 10:12:10.442344 < 00:01:e8:0f:ee:f8 ip 100: IP 66.1.2.161 > 66.1.1.161: icmp 64: echo reply seq 1
> 
> This next is a ping of the remote tunnel end, 10.253.253.2
> 
> 10:12:18.970786 > 00:19:b9:dd:ff:d9 arp 44: arp who-has 66.1.2.161 tell 66.1.1.161
> 
> I am *very* confused by this.  Somehow, when I try to send traffic thru the
> tunnel, it thinks that the remote physical end is directly attached and
> should ARP for it even tho it is pingable?!?!!?  It is definitely not on-net
> - it is many hops away - but it is reachable via a default route.

Hmmm... interesting. What does "ip ro get 66.1.2.161" say? And for
10.253.253.2?

Regards,
Mark.


* Re: [LARTC] GRE tunnel
  2007-06-21 17:52 [LARTC] GRE tunnel Greg Hartung
                   ` (2 preceding siblings ...)
  2007-06-27 20:54 ` mark
@ 2007-06-27 23:23 ` Gustin Johnson
  3 siblings, 0 replies; 5+ messages in thread
From: Gustin Johnson @ 2007-06-27 23:23 UTC (permalink / raw)
  To: lartc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I noticed that the private ip is on the same subnet on both sides of the
tunnel.  When I have done this in the past there were two separate
subnets (eg. 10.253.253.0/24 and 10.253.254.0/24).  I have never tried
it exactly as you have.

I also do not have any more gre tunnels in service.  So this is from an
old script of mine.

Anyway, the syntax and order that I used is:

Box A
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.2.161 local 66.1.1.161 ttl 255
ip addr add 10.253.253.1 dev gre0
ip link set gre0 up
ip route add 10.253.254.0/24 dev gre0

Box B
modprobe ip_gre
ip tunnel add gre0 mode gre remote 66.1.1.161 local 66.1.2.161 ttl 255
ip addr add 10.253.254.1 dev gre0
ip link set gre0 up
ip route add 10.253.253.0/24 dev gre0

Hope this helps,

Greg Hartung wrote:
>    I'm still stuck on this one and could really use some help.  I just
> finished trying it on an FC3 box too to make sure it wasn't CentOS specific
> issue but there's still no output from tcpdump.
> 
>    I also spent some time looking over Cisco examples to make sure I wasn't
> misremembering the concepts.  No surprises there.
> 
>    Does anyone have any ideas or can someone suggest a more appropriate
> forum for the question?
> 
> Thanks!!
> 
> On 6/21/07 11:52 AM, "Greg Hartung" <ghartung@photobucket.com> wrote:
> 
>>   I am trying to setup GRE between two CentOS 4.5 boxes.  I have tried
>> several variations of what's listed below, but none of them work.
>>
>> box1:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev
>> eth0
>> ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
>> ip link set dev gretun up
>> ip route add 10.2.0.0/16 via 10.253.253.2
>>
>> box2:
>> modprobe ip_gre
>> ip link set gre0 up
>> ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev
>> eth0
>> ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
>> ip link set dev gretun up
>> ip route add 10.1.0.0/16 via 10.253.253.1
>>
>> tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.
>>
>>   It's as if it's not even trying to bring the tunnel up.  I'm a Cisco guy,
>> so I'm lost with my show commands.
>>
>>   The other variations I've tried consist mostly of trying different
>> combinations of on-net (in the same subnet as eth0 and even the same address
>> as eth0) and off-net (various combinations of loopback /24 and /32 addresses
>> in separate 10 space) on the 'ip addr add dev gretun' statements.  But the
>> above example is what *should* work on a Cisco, I think.  It's been a
>> while.
>>
>> How do I troubleshoot this?  This is all I've got so far:
>>
>> root@den1tun01:/home/root $ ip link
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc pfifo_fast qlen 1000
>>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 3: eth0.2: <BROADCAST,MULTICAST,UP> mtu 8800 qdisc noqueue
>>     link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
>> 4: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
>>     link/gre 0.0.0.0 brd 0.0.0.0
>> 5: gretun@eth0: <POINTOPOINT,NOARP,UP> mtu 8776 qdisc noqueue
>>     link/gre 66.1.1.161 peer 66.1.2.161
>>
>> root@den1tun01:/home/root $ ip tun
>> gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
>> gretun: gre/ip  remote 66.1.2.161  local 66.1.1.161  dev eth0  ttl 20
>>
>> root@den1tun01:/home/root $ ifconfig
>> eth0      Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
>>           inet addr:10.1.2.243  Bcast:10.1.3.255  Mask:255.255.254.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
>>           RX packets:3357 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:484 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:230757 (225.3 KiB)  TX bytes:63937 (62.4 KiB)
>>           Interrupt:169 Memory:f8000000-f8011100
>>
>> eth0.2    Link encap:Ethernet  HWaddr 00:19:B9:DD:FF:D9
>>           inet addr:66.1.1.161  Bcast:66.1.1.191  Mask:255.255.255.192
>>           UP BROADCAST RUNNING MULTICAST  MTU:8800  Metric:1
>>           RX packets:950 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:43860 (42.8 KiB)  TX bytes:1200 (1.1 KiB)
>>
>> gretun    Link encap:UNSPEC  HWaddr 42-0B-33-A1-FF-C0-00-00-00-00-00-00-00-00-00-00
>>           inet addr:10.253.253.1  P-t-P:10.253.253.2  Mask:255.255.255.0
>>           UP POINTOPOINT RUNNING NOARP  MTU:8776  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:756 (756.0 b)
>>
>> gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
>>           UP RUNNING NOARP  MTU:1476  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>           RX packets:225 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:225 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:13271 (12.9 KiB)  TX bytes:13271 (12.9 KiB)
>>
>>
>> I've also tried changing the destination for the route to the near end of
>> the private subnet and tried pinging various things on the tunnel subnet and
>> remote network to create "interesting traffic" to bring the tunnel up but
>> tcpdump still shows nothing.
>>
>> Then I noticed that ping does show an error count:
>>
>> [root@den1tun01 ~]# ping 10.253.253.2
>> PING 10.253.253.2 (10.253.253.2) 56(84) bytes of data.
>> From 10.253.253.1 icmp_seq=0 Destination Host Unreachable
>> From 10.253.253.1 icmp_seq=1 Destination Host Unreachable
>> --- 10.253.253.2 ping statistics ---
>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1000ms, pipe 2
>>
>>    I can ping the local end: 10.253.253.1, but the tunnel is still
>> non-functional.
>>
>> Thanks!
>> Greg
>>
>> _______________________________________________
>> LARTC mailing list
>> LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 
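The `ip tun` and `ifconfig` output quoted in this thread shows `gretun` bound to `dev eth0` while its local address 66.1.1.161 is configured on `eth0.2`. The sketch below is an added example, not part of any message in the thread; it automates that cross-check so the inconsistency can be ruled in or out. The function name is hypothetical, and the sample input is constructed from the thread's values in `ip tunnel show` and `ip -o -4 addr show` format.

```shell
#!/bin/sh
# Added example: flag GRE tunnels whose "local" address is not configured on
# the device the tunnel is bound to with "dev".

# Constructed sample input, built from the addresses quoted in the thread.
SAMPLE_TUNNELS='gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
gretun: gre/ip  remote 66.1.2.161  local 66.1.1.161  dev eth0  ttl 20'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.1.2.243/23 brd 10.1.3.255 scope global eth0
3: eth0.2    inet 66.1.1.161/26 brd 66.1.1.191 scope global eth0.2
5: gretun    inet 10.253.253.1 peer 10.253.253.2/24 scope global gretun'

# $1: text of `ip tunnel show`    $2: text of `ip -o -4 addr show`
# Prints one line per inconsistent tunnel; prints nothing when all is consistent.
check_tunnel_binding() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_tun = 1; next }
        # Address section: "<idx>: <dev> inet <addr>[/<len>] ..."
        !in_tun && $3 == "inet" {
            split($4, a, "/"); owner[a[1]] = $2; next
        }
        # Tunnel section: "<name>: gre/ip remote X local Y [dev Z] ..."
        in_tun && $2 == "gre/ip" {
            name = $1; sub(/:$/, "", name)
            laddr = ""; dev = ""
            for (i = 3; i < NF; i++) {
                if ($i == "local") laddr = $(i + 1)
                if ($i == "dev")   dev   = $(i + 1)
            }
            if (laddr == "" || laddr == "any") next   # fallback device, nothing to check
            if (!(laddr in owner))
                printf "%s: local %s not configured on any interface\n", name, laddr
            else if (dev != "" && owner[laddr] != dev)
                printf "%s: local %s is on %s but tunnel is bound to dev %s\n", name, laddr, owner[laddr], dev
        }'
}

# On a live host, pass "$(ip tunnel show)" and "$(ip -o -4 addr show)" instead.
check_tunnel_binding "$SAMPLE_TUNNELS" "$SAMPLE_ADDRS"
```

A tunnel created without `dev`, as in the Box A / Box B commands above, produces no finding from this check as long as its local address exists on some interface.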

end of thread, other threads:[~2007-06-27 23:23 UTC | newest]

Thread overview: 5+ messages
2007-06-21 17:52 [LARTC] GRE tunnel Greg Hartung
2007-06-26 23:01 ` Greg Hartung
2007-06-27 16:29 ` Greg Hartung
2007-06-27 20:54 ` mark
2007-06-27 23:23 ` Gustin Johnson