用户组网:
用户在同一物理链路下起了两个tunnel口,为了实现不同局域网的路由隔离,在不同的tunnel口下绑定了vpn实例,正常配置后,发现两端设备都只有一个tunnel口可以up,另外一个tunnel口down。
[H3C]%Dec 18 21:05:08:275 2017 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.
查看debugging tunnel all信息:
<H3C>*Dec 18 21:10:23:924 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:24:978 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:25:274 2017 H3C TUNNEL/7/event:
Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:29:196 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:30:249 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:30:274 2017 H3C TUNNEL/7/event:
Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:34:458 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:35:274 2017 H3C TUNNEL/7/event:
Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:35:510 2017 H3C TUNNEL/7/packet:
Tunnel2 packet: Fast forwarded the de-encapsulated packet.
发现tunnel1没有从对端收到keepalive报文,查看配置tunnel口下都配置了 keepalive 5 3,如果tunnel口在3次收不到keepalive报文时,便会down掉。因为两个tunnel接口是封装在同一个物理接口ip地址,导致每个tunnel口发出的keepalive报文格式一致,于是对端的tunnel口没法识别,先收到的keepalive报文的tunnel口就会处于保活up状态,其他tunnel口就一致没法收到keepalive报文而down掉。
方法一:删除tunnel口keepalive配置,即关闭tunnel口保活功能;
方法二:三层物理口下配置子接口,不同tunnel口源目地址指定不同的子接口ip。
tunnel口下的keepalive保活功能常结合静态路由使用,不同的tunnel口不建议封装在同一个物理接口地址下,否则就要把keepalive保活功能关闭。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作