Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Help with GRE tunnel in comware7

SOLVED
Go to solution
drolfe
Valued Contributor

Help with GRE tunnel in comware7

HI,

I've trying to setup a gre tunnel between an Comware7 switch and a ubuntu server

Ubuntu server looks ok, I can see GRE packets leaving the network however the comware tun is Down Down

Comware7

[HP-5900-Stack]int tun 0
[HP-5900-Stack-Tunnel0]dis thi
#
interface Tunnel0 mode gre
 ip address 192.168.70.1 255.255.255.0
 source Vlan-interface40
 destination 192.168.10.117
#
return
[HP-5900-Stack-Tunnel0]


[HP-5900-Stack]dis int tu b
Brief information on interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Main IP Description
Tun0 DOWN DOWN 192.168.70.1

[HP-5900-Stack]dis int vl 40 b
Brief information on interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Main IP Description
Vlan40 UP UP 192.168.10.20


[HP-5900-Stack]ping 192.168.10.117
Ping 192.168.10.117 (192.168.10.117): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.10.117: icmp_seq=0 ttl=64 time=2.973 ms
56 bytes from 192.168.10.117: icmp_seq=1 ttl=64 time=1.080 ms
--- Ping statistics for 192.168.10.117 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.011/1.419/2.973/0.777 ms
[HP-5900-Stack] 

 

Ubuntu

auto gre1
iface gre1 inet tunnel
  mode gre
  netmask 255.255.255.0
  address 192.168.70.2
  dstaddr 192.168.70.1
  endpoint 192.168.10.20
  local 192.168.10.117
  ttl 255
root@erspan:~#


root@erspan:~# tcpdump -npi eth0 proto GRE
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes


12:32:51.901317 IP 192.168.10.117 > 192.168.10.20: GREv0, length 60: IP6 fe80::5efe:c0a8:a75 > ff02::2: ICMP6, router solicitation, length 16
12:32:55.909422 IP 192.168.10.117 > 192.168.10.20: GREv0, length 60: IP6 fe80::5efe:c0a8:a75 > ff02::2: ICMP6, router solicitation, length 16
12:32:59.917338 IP 192.168.10.117 > 192.168.10.20: GREv0, length 60: IP6 fe80::5efe:c0a8:a75 > ff02::2: ICMP6, router solicitation, length 16

 

I"m not sure what I"m doing wrong, I did see some comware5 howto's that show you need a service loop back but I couldn't see how to do this on comware7 ?

Any help would be great

Regards, Daniel

3 REPLIES
drolfe
Valued Contributor
Solution

Re: Help with GRE tunnel in comware7

OK I've got this working now.

In order for the gre tunnel to become active you need to bind a tunnel service loopback to a physical interface. The interface can be just a free port wihtout any cabled connected to it

Add service loop-back

[HP-5900-Stack-Ten-GigabitEthernet1/0/20]dis this
#
interface Ten-GigabitEthernet1/0/20
 port link-mode bridge
 shutdown
#
return

[HP-5900-Stack-Ten-GigabitEthernet1/0/20]port service-loopback group 1
All configurations on the interface will be lost. Continue?[Y/N]:y
[HP-5900-Stack-Ten-GigabitEthernet1/0/20]dis this
#
interface Ten-GigabitEthernet1/0/20
 port link-mode bridge
 port service-loopback group 1
#
return

 

Now my GRE tunnel is up

[HP-5900-Stack]dis int Tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 1476
Internet Address is 192.168.70.1/24 Primary
Tunnel source 192.168.10.20, destination 192.168.10.117
Tunnel keepalive disabled
Tunnel TTL 255
Tunnel protocol/transport GRE/IP
    GRE key disabled
    Checksumming of GRE packets disabled
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

[HP-5900-Stack]ping 192.168.70.2
Ping 192.168.70.2 (192.168.70.2): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.70.2: icmp_seq=0 ttl=64 time=3.631 ms
56 bytes from 192.168.70.2: icmp_seq=1 ttl=64 time=1.211 ms
56 bytes from 192.168.70.2: icmp_seq=2 ttl=64 time=0.987 ms
56 bytes from 192.168.70.2: icmp_seq=3 ttl=64 time=1.003 ms
56 bytes from 192.168.70.2: icmp_seq=4 ttl=64 time=0.980 ms

--- Ping statistics for 192.168.70.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.980/1.562/3.631/1.038 ms
[HP-5900-Stack]

 

Below is a diagram I put together to document this setup

GRE_SPAN_Comware7.jpg

HugoFS
Occasional Visitor

Re: Help with GRE tunnel in comware7

And any ideas how to get OSPF peering across a GRE tunnel on Comware 7?  We are trying to peer OSPF but the multicast hellos are received on the physical interface but not passed up to the Tunnel interface.   We've tried "service-loopback group 1 type tunnel" and "service-loopback group 1 type tunnel multicast-tunnel", and we've reserved global VLANs for the service loopbacks, but no dice.  We can see the hellos on the wire with GRE encapsulation, and the physical interfaces supporting the tunnels click up received frames, but the Tunnel interfaces never see any multicast frames received.

I can "fix" the issue by defining the Tunnel as OSPF network type NBMA and explicitly defining the peer address, but I'd rather get the problem fixed properly.  However, this uses unicast hellos and these are received on the tunnel interface, obviously,

If we do the same with IS-IS, there's no problem, and adjacencies form straight off.  Again, not an IP multicast, and the incoming multicast counters on the Tunnel interface increment.

I've done this on 7910 switches running 2137, and my colleague on 5900 switches just as a sanity check, with the same result.  What do we need to add for OSPF peering across a GRE tunnel?

sachin-babar
Occasional Visitor

Re: Help with GRE tunnel in comware7

I have be trying to get GRE tunnel UP on comware 7 - 5900 model. Tried with service-loopback binded to physical interface but still tunnel is showing down down. Can someonce help please.