SR6608-X同一个三层物理接口下封装多个gre tunnel接口down处理案例

用户组网：

用户在同一物理链路下起了两个tunnel口，为了实现不同局域网的路由隔离，在不同的tunnel口下绑定了vpn实例，正常配置后，发现两端设备都只有一个tunnel口可以up，另外一个tunnel口down。

[H3C]%Dec 18 21:05:08:275 2017 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.

 

查看debugging tunnel all信息：
<H3C>*Dec 18 21:10:23:924 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:24:978 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:25:274 2017 H3C TUNNEL/7/event:
 Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:29:196 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:30:249 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:30:274 2017 H3C TUNNEL/7/event:
 Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:34:458 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.
*Dec 18 21:10:35:274 2017 H3C TUNNEL/7/event:
 Tunnel1: No keepalive packet received from the peer.
*Dec 18 21:10:35:510 2017 H3C TUNNEL/7/packet:
 Tunnel2 packet: Fast forwarded the de-encapsulated packet.

发现tunnel1没有从对端收到keepalive报文，查看配置tunnel口下都配置了 keepalive 5 3，如果tunnel口在3次收不到keepalive报文时，便会down掉。因为两个tunnel接口是封装在同一个物理接口ip地址，导致每个tunnel口发出的keepalive报文格式一致，于是对端的tunnel口没法识别，先收到的keepalive报文的tunnel口就会处于保活up状态，其他tunnel口就一致没法收到keepalive报文而down掉。
 

方法一：删除tunnel口keepalive配置，即关闭tunnel口保活功能；

方法二：三层物理口下配置子接口，不同tunnel口源目地址指定不同的子接口ip。

tunnel口下的keepalive保活功能常结合静态路由使用，不同的tunnel口不建议封装在同一个物理接口地址下，否则就要把keepalive保活功能关闭。