Task
● Configure two GRE tunnels between R4 and R5 as follows:
● Tunnel45 with IPv4 addresses 172.16.0.Y/24, where Y is the router number, sourced from VLAN 45 Ethernet link.
● Tunnel100 with IPv4 addresses 172.16.0.Y/24, where Y is the router number, sourced from VLAN 100 Ethernet link.
● Configure IPv4 static routes on R5 for R4’s Loopback0 interface via both Tunnel100 and Tunnel45.
● Configure IPv4 static routes on R4 for R5’s Loopback0 interface via both Tunnel100 and Tunnel45.
● The static routes on R4 and R5 via the Tunnel45 should have a higher administrative distance than those on Tunnel100.
● Configure the backup interface feature on R4 and R5 so that if the Tunnel100 goes down, Tunnel45 is activated.
● Ensure that the backup link is activated 3 seconds after the main link fails, and deactivated when the main link is active for 60 seconds.
● To verify this configuration, ensure that traffic between Loopback0 prefixes of R4 and R5 is routed out Tunnel100:
● If Tunnel100 interface state goes DOWN, traffic is rerouted out on Tunnel45.
Explanation
In this example, R4 and R5 use the backup interface feature along with duplicate routing information to perform both traffic engineering and redundancy.
With the backup interface configured on R4’s and R5's point-to-point GRE Tunnel100 interface, R4 and R5 wait for the line protocol of Tunnel100 interface to go DOWN before GRE interface Tunnel45 is activated. The following rules and restrictions apply when implementing the backup interface functionality:
● The primary/active interface being backed up must be a point-to-point interface type, because its state can be better determined.
● The secondary/standby interface acting as backup can be any interface except sub-interface, because the state of the main interface determines the state of sub-interfaces in general.
Verify that backup interface is correctly configured, and Tunnel45 waits for Tunnel100 to go DOWN to become active.
R4
show backup
show ip interface brief | i Tunnel
R5
show backup
show ip interface brief | i Tunnel
Verify that traffic between Loopback0 prefixes of R4 and R5 is primarily routed over GRE Tunnel100.
R4
show ip route 10.1.5.5
R5
show ip route 10.1.4.4
traceroute 10.1.4.4 source loopback0
Disable VLAN 100 interface on both R4 and R5, which will trigger the backup Tunnel45 interface to go UP after the configured delay of 3 seconds.
R4
debug backup
Backup events debugging is on
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
interface GigabitEthernet0/0.100
shutdown
R5
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
interface GigabitEthernet 0/0.100
shutdown
R4#
Verify that the backup interface is now active.
show backup
sho ip interface brief | i Tunnel
Verify that traffic between Loopback0 is now routed over GRE Tunnel45.
R4
show ip route 10.1.5.5
R5
show ip route 10.1.4.4
traceroute 10.1.4.4 source loopback0
When R4's and R5's VLAN 100 interfaces are re-enabled, Tunnel100 interface is reactivated after the configured delay of 60 seconds.
R4
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
interface GigabitEthernet0/0.100
no shutdown
R5
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
interface GigabitEthernet0/0.100
no shutdown
R4
debug backup
Backup events debugging is on
Verify that the primary interface is active and traffic is re-routed over Tunnel100.
R4
show backup
R5
show backup
Note:
Because end-to-end connectivity between GRE tunnel endpoints is not implemented, the design flaw with this configuration is that if the Tunnel100 interface goes DOWN on one side only, traffic is blackholed.
Let's disable the VLAN 100 Ethernet link on one side only, for example, on R4; note that R4 and R5 have different perspectives of the network state.
R4
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
interface GigabitEthernet0/0.100
shutdown
show backup
R5
show backup
This results in traffic being blackholed as R5 routes traffic over Tunnel100, which is disabled on R4, and R4 routes traffic over Tunnel45, which is in standby mode on R5.
R4
show ip route 10.1.5.5
show ip interface brief | i Tunnel
R5
show ip route 10.1.4.4
show ip interface brief | i Tunnel
traceroute 10.1.4.4 source loopback0 ttl 1 2
Configuration
R4:
interface Tunnel45
ip address 172.16.0.4 255.255.255.0
tunnel mode gre ip
tunnel source 172.16.45.4
tunnel destination 172.16.45.5
!
interface Tunnel100
ip address 172.16.0.4 255.255.255.0
tunnel mode gre ip
tunnel source 169.254.100.4
tunnel destination 169.254.100.5
backup interface Tunnel45
backup delay 3 60
!
ip route 10.1.5.5 255.255.255.255 Tunnel100 10
ip route 10.1.5.5 255.255.255.255 Tunnel45 20
R5:
interface Tunnel45
ip address 172.16.0.5 255.255.255.0
tunnel mode gre ip
tunnel source 172.16.45.5
tunnel destination 172.16.45.4
!
interface Tunnel100
ip address 172.16.0.5 255.255.255.0
tunnel mode gre ip
tunnel source 169.254.100.5
tunnel destination 169.254.100.4
backup interface Tunnel45
backup delay 3 60
!
ip route 10.1.4.4 255.255.255.255 Tunnel100 10
ip route 10.1.4.4 255.255.255.255 Tunnel45 20
