WAN Routing

Tunnel interfaces in vpn-instances

 
krimerman
New Member

Tunnel interfaces in vpn-instances

Hi,

I have an msr20-20 router.

I configured 8 vpn instances on it , and 8 gre tunnels , each one in different vpn-instances.

the sources of the tunnels are loopbacks , therefore are UP/UP.

Destinations are loopbacks in neighboring (cisco) router , and are reachable because there are static routes configured on the router (in vpn instances ofcourse).

There is basic IP reachability to the tunnel destinations (ping).

The weird thing is that the tunnels are still in DOWN/DOWN state.

 

Just to mention, the tunnels on the neighboring router are in UP/UP with similar configuration.

 

can anyone help me to find why the tunnels wont come up?

 

Thx

3 REPLIES 3
manuel.bitzi
Trusted Contributor

Re: Tunnel interfaces in vpn-instances

Hi krimerman

 

The tunnel-interface don't checks if the tunnel is really up. It only checks the local conditions.

 

post "display interf tunnel x" here, then we can help.

 

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
J4S
Frequent Visitor

Re: Tunnel interfaces in vpn-instances

I have a similar issue, was just searching the forums for some clues.

 

Have an mpls vpn-instance created on a 12508 switch.  I  have a tunnel interface created within the mpls vpn-instance and using this tunnel interface, and a loopback interface as source that's also in the vpn I want to create a gre tunnel to a cisco device through an ipsec vpn.

 

VPN connectivity is established, both sides can ping the respective remote loopbacks.  Tunnel interface on the cisco side is up, but on the H3C side it remains in the down/down state.

 

I get the feeling from reading the few comments about this that the configuration might be unsupported, you cannot run gre tunnel within the mpls vpn instance.

 

Tested outside of the mpls vpn instance and it works, but that's no good for my requirements, I need to retain customer separation.

 

Any ideas if this is/is not supported within H3C?

 

JC

Peter_Debruyne
Honored Contributor

Re: Tunnel interfaces in vpn-instances

Hi,

 

not sure on this one, but I am tempted to say not supported, since it is still a switch.

Not the same as your question, but in the past I tried configuring a GRE tunnel on a 5800 and then enable it as an mpls interface, but that was not supported on the 5800 switch, while the MSR routers do support this (software process vs asic)

Same would apply for features like double tagged routed subinterfaces, these are only supported on the high end routers (6600/8800), not on the switches or basic routers.

 

So you might be more lucky with the routers, but I would contact HP support for this one to be sure (and feel free to share results if you get them),

 

Best regards,Peter.