& Switching v5 Workbook -
Advanced Technology Labs - IP
CCIE Routing
CCIE R&S v5
Routing
GRE Backup Interface
A Note On Section Initial Configuration Files: You must load the
initial configuration files for the section, named Basic IP Addressing,
which can be found in
. Reference the Advanced Technology Labs With
Addressing Diagram to complete this task.
Task
Configure two GRE tunnels between R4 and R5 as follows:
Tunnel45 with IPv4 addresses 155.45.0.Y/24, where Y is the router number,
sourced from VLAN 45 Ethernet link.
Tunnel100 with IPv4 addresses 155.100.0.Y/24, where Y is the router
number, sourced from VLAN 100 Ethernet link.
Configure IPv4 static routes on R5 for R4’s Loopback0 interface via both Tunnel100
and Tunnel45.
Configure IPv4 static routes on R4 for R5’s Loopback0 interface via both Tunnel100
and Tunnel45.
The static routes on R4 and R5 via the Tunnel45 should have a higher administrative
distance than those on Tunnel100.
Configure the backup interface feature on R4 and R5 so that if the Tunnel100 goes
down, Tunnel45 is activated.
Ensure that the backup link is activated 3 seconds after the main link fails, and
deactivated when the main link is active for 60 seconds.
To verify this configuration, ensure that traffic between Loopback0 prefixes of R4 and
R5 is routed out Tunnel100:
If Tunnel100 interface state goes DOWN, traffic is rerouted out on Tunnel45.
Configuration
R4:
interface Tunnel45
ip address 155.45.0.4 255.255.255.0
tunnel mode gre ip
tunnel source 155.1.45.4
tunnel destination 155.1.45.5
!
interface Tunnel100
ip address 155.100.0.4 255.255.255.0
tunnel mode gre ip
tunnel source 169.254.100.4
tunnel destination 169.254.100.5
backup interface Tunnel45
backup delay 3 60
!
ip route 150.1.5.5 255.255.255.255 Tunnel100 10
ip route 150.1.5.5 255.255.255.255 Tunnel45 20
R5:
interface Tunnel45
ip address 155.45.0.5 255.255.255.0
tunnel mode gre ip
tunnel source 155.1.45.5
tunnel destination 155.1.45.4
!
interface Tunnel100
ip address 155.100.0.5 255.255.255.0
tunnel mode gre ip
tunnel source 169.254.100.5
tunnel destination 169.254.100.4
backup interface Tunnel45
backup delay 3 60
!
ip route 150.1.4.4 255.255.255.255 Tunnel100 10
ip route 150.1.4.4 255.255.255.255 Tunnel45 20
Verification
In this example, R4 and R5 use the backup interface feature along with duplicate
routing information to perform both traffic engineering and redundancy. With the
backup interface configured on R4’s and R5’s point-to-point GRE Tunnel100
interface, R4 and R5 wait for the line protocol of Tunnel100 interface to go DOWN
before GRE interface Tunnel45 is activated. The following rules and restrictions
apply when implementing the backup interface functionality:
The primary/active interface being backed up must be a point-to-point interface type,
because its state can be better determined.
The secondary/standby interface acting as backup can be any interface except sub-
interface, because the state of the main interface determines the state of sub-
interfaces in general.
Verify that backup interface is correctly configured, and Tunnel45 waits for
Tunnel100 to go DOWN to become active.
R4#show backup
Primary Interface
Secondary Interface
Status
-------------------------
-------------------------
------
Tunnel100
Tunnel45
normal operation
!R4#show ip interface brief | i Tunnel
Tunnel0
155.1.0.4
YES manual upup
Tunnel45
155.45.0.5
YES manual standby modedown
Tunnel100
155.100.0.5
YES manual upup
!R5#show backup
Primary Interface
Secondary Interface
Status
-------------------------
-------------------------
------
Tunnel100
Tunnel45
normal operation
!R5#show ip interface brief | i Tunnel
Tunnel0
155.1.0.5
YES manual upup
Tunnel45
155.45.0.5
YES manual standby modedown
Tunnel100
155.100.0.5
YES manual upup
Verify that traffic between Loopback0 prefixes of R4 and R5 is primarily routed over
GRE Tunnel100.
R4#show ip route 150.1.5.5
Routing entry for 150.1.5.5/32
Known via "static", distance 10, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel100
Route metric is 0, traffic share count is 1
!R5#show ip route 150.1.4.4
Routing entry for 150.1.4.4/32
Known via "static", distance 10, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel100
Route metric is 0, traffic share count is 1
!R5#traceroute 150.1.4.4 source loopback0
Type escape sequence to abort.
Tracing the route to 150.1.4.4
VRF info: (vrf in name/id, vrf out name/id)1 155.100.0.4 3 msec * 12 msec
Disable VLAN 100 interface on both R4 and R5, which will trigger the backup
Tunnel45 interface to go UP after the configured delay of 3 seconds.
R4#debug backup
Backup events debugging is on
!R4#configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.R4(config)#interface gigabitEthernet 1.100
R4(config-subif)#shutdown
!R5#configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.R5(config)#interface gigabitEthernet 1.100
R5(config-subif)#shutdown
!R4#
BACKUP(Tunnel100): event = primary interface went down
BACKUP(Tunnel100): changed state to "waiting to backup"
BACKUP(Tunnel100): event = timer expired on primary
BACKUP(Tunnel100): secondary interface (Tunnel45) made active
BACKUP(Tunnel100): changed state to "backup mode"
!
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel45, changed state to up
BACKUP(Tunnel45): event = secondary interface came up
%LINK-3-UPDOWN: Interface Tunnel45, changed state to up
Verify that the backup interface is now active.
R4#show backup
Primary Interface
Secondary Interface
Status
-------------------------
-------------------------
------
Tunnel100
Tunnel45
backup mode
!R4#sho ip interface brief | i Tunnel
Tunnel0
155.1.0.4
YES manual updown
Tunnel45
155.45.0.4
YES manual upup
Tunnel100
155.100.0.4
YES manual updown
Verify that traffic between Loopback0 is now routed over GRE Tunnel45.
R4#show ip route 150.1.5.5
Routing entry for 150.1.5.5/32
Known via "static", distance 20, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel45
Route metric is 0, traffic share count is 1
!R5#show ip route 150.1.4.4
Routing entry for 150.1.4.4/32
Known via "static", distance 20, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel45
Route metric is 0, traffic share count is 1
!R5#traceroute 150.1.4.4 source loopback0
Type escape sequence to abort.
Tracing the route to 150.1.4.4
VRF info: (vrf in name/id, vrf out name/id)1 155.45.0.4 5 msec * 3 msec
When R4’s and R5’s VLAN 100 interfaces are re-enabled, Tunnel100 interface is
reactivated after the configured delay of 60 seconds.
R4#configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.R4(config)#interface gigabitEthernet 1.100
R4(config-subif)#no shutdown
!R5#configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.R5(config)#interface gigabitEthernet 1.100
R5(config-subif)#no shutdown
!R4#debug backup
Backup events debugging is on
!R4:
BACKUP(Tunnel100): event = primary interface came up
BACKUP(Tunnel100): changed state to "waiting to revert"
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Verify that the primary interface is active and traffic is re-routed over Tunnel100.
R4#show backup
Primary Interface
Secondary Interface
Status
-------------------------
-------------------------
------
Tunnel100
Tunnel45
normal operation
!R5#show backup
Primary Interface
Secondary Interface
Status
-------------------------
-------------------------
------
Tunnel100
Tunnel45
normal operation
!R5#traceroute 150.1.4.4 source loopback0
Type escape sequence to abort.
Tracing the route to 150.1.4.4
VRF info: (vrf in name/id, vrf out name/id)1 155.100.0.4 5 msec * 5 msec
Because end-to-end connectivity between GRE tunnel endpoints is
not implemented, the design flaw with this configuration is that if
Tunnel100 interface goes DOWN on one side only, traffic is
blackholed.
Let’s disable the VLAN 100 Ethernet link on one side only, for example on R4; note
that R4 and R5 have different perspectives of the network state.
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.R4(config)#interface gigabitEthernet 1.100
R4(config-subif)#shutdown
!R4#show backup
Primary Interface
Secondary InterfaceStatus
-------------------------
------------------------- ------
Tunnel100
Tunnel45backup mode
!R5#show backup
Primary Interface
Secondary InterfaceStatus
-------------------------
------------------------- ------
Tunnel100
Tunnel45normal operation
This results in traffic being blackholed as R5 routes traffic over Tunnel100, which is
disabled on R4, and R4 routes traffic over Tunnel45, which is in standby mode on
R5.
R4#show ip route 150.1.5.5
Routing entry for 150.1.5.5/32
Known via "static", distance 20, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel45
Route metric is 0, traffic share count is 1
!R4#show ip interface brief | i Tunnel
Tunnel0
155.1.0.4
YES manual updown
Tunnel45
155.45.0.4
YES manual upup
Tunnel100
155.100.0.4
YES manual updown
!R5#show ip route 150.1.4.4
Routing entry for 150.1.4.4/32
Known via "static", distance 10, metric 0 (connected)
Routing Descriptor Blocks:* directly connected, via Tunnel100
Route metric is 0, traffic share count is 1
!
R5#show ip interface brief | i Tunnel
Tunnel0
155.1.0.5
YES manual upup
Tunnel45
155.45.0.5
YES manual standby modedown
Tunnel100
155.100.0.5
YES manual upup
!R5#traceroute 150.1.4.4 source loopback0 ttl 1 2
Type escape sequence to abort.
Tracing the route to 150.1.4.4
VRF info: (vrf in name/id, vrf out name/id)
1 * * * 2 * * *