'no ip route-cache' on Tunnel interfaces
Hi,
A quick and hopefully simple question. Is there any reason why 'no ip route-cache' and 'no ip mroute-cache' should be configured on Tunnel interfaces?
Generally, when should 'no ip route-cache' be configured on an interface?
Many thanks,
Andy
Andy, no easy question, and it pretty much sends some of us back to basics. One has to take a deeper look at this command to barely get a good picture. See the first link's thread, a good discussion on your question. Generally, no ip route-cache improves performance for router forwarding processing decisions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
You can find more details on three types of switching methods, such as fast switching (by the ip route-cache command). I believe it helps to better understand the commands.
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
Another instance where you would have ip route-cache enabled on an interface would be for the use of NetFlow; the ip route-cache command on an interface is a requirement for implementing NetFlow.
Rgds
-Jorge
Similar Messages
-
Mystery Tunnel Interfaces on 2921 Router
Hi All,
I need some help.
For some reason it seems we have 3 Tunnel interfaces on the router, not sure how it got there but we are unable to delete them or configure them.
They seem to take the loopback ip as source and if I delete the loopback interface it chooses another IP.
Output from sh ip int brief, not sure where it gets those IP's from as well.
Tunnel0 172.16.0.1 YES unset up up
Tunnel1 172.16.0.1 YES unset up up
Tunnel2 172.16.0.1 YES unset up up
See below when I try to enter interface config mode:
Router1(config)#int tunnel 0
% This interface cannot be modified
Any suggestions or help will be appreciated.
Regards
Z
Hi Zubair,
This is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.
you can find more info here:
https://supportforums.cisco.com/docs/DOC-15782
thanks,
Fabrizio -
Is there any benefit of using this command, is it on by default?
Hi Carl,
It enables fast switching.
There are different switching methods which can be used. To control the use of switching methods for forwarding IP packets, use the ip route-cache command in interface configuration mode.
Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis rather than on a per-packet basis. The ip route-cache command with no additional keywords enables fast switching.
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hisw_r/ips_a1h.htm#wp1160847
HTH
Ankur -
Tunnel interface to physical interface
Hi All,
I was wondering if it is possible to build a site to site vpn connection one side using tunnel interface and the other end using a physical interface.
My plan is to use a 3945 router, build multiple tunnel interfaces on the router to connect 50 clients. By using tunnel interface on the router i could leverage on the vrf feature to isolate clients but if i use tunnel interface on my end i am not certain if the tunnel will come up if my client is using 1) ASA 2) PIX 3) vpn concentrator - which doesnt support tunnel interface.
Thanks for your help in advance.
Lou
Mark Mattix wrote: I did some reading on EIGRP and is it correct that the EIGRP Header and Payload (TLV) are encapsulated in an IP packet and addressed to the address, 224.0.0.10? Is this the reason why multicast traffic must be encapsulated first in GRE to travel over the internet?
Olivier Pelerin> This is correct
When I set up a site to site VPN using GRE tunnels and an IPSec config on the interfaces would this be considered, IPSec over GRE, or GRE over IPSec? I don't understand that difference.
Olivier Pelerin> See the diagram below - this explains GRE over IPSEC. That's a diagram I did here for a training
On the example packet I posted above, is the public address that's routed over the internet part of the IPSec packet/suite? I guess a better question is, what portions of the packet make up IPSec and which portion is just regular IPv4 addressing?
Olivier Pelerin> the diagram below should answer that
I've been wrong in thinking that GRE and IPSec go hand in hand when in fact it's possible to only use IPSec and no type of tunnel. If IPSec is set up on the interfaces and the tunnels are configured at both end points, what does your information first get encapsulated by, GRE or IPSec? In your example packet format Olpeleri, it looks like the IP packet is first encapsulated in GRE then encapsulated by IPSec. Is this correct? If so when information leaves our LAN and heads to the internet, does it first go through the tunnel to be encapsulated by GRE then out the physical link that adds the IPSec encapsulation?
Olivier Pelerin> Correct. GRE first then encryption
Sorry for all these questions, I'm just trying to learn how this works! Thanks again for the help!
[red = encrypted] -
Using Tunnel interface on Router
Hi Everyone,
I see a new Tunnel interface on the Router.
Router is running OSPF.
It has no crypto statements.
tunnel configuration
interface Tunnel1
ip address 10.4.x.x x.x.x.x
delay 7
tunnel source Loopback1
tunnel destination 10.4.x.x
My question is when do we use a Tunnel interface without any crypto statements?
Thanks
MAhesh
This Tunnel is a plain GRE-Tunnel. These are typically used without crypto when:
1) The traffic is not sent through an untrusted network and a cryptographic protection is not needed.
2) The GRE-traffic gets encrypted on a separate device if the GRE-Endpoint is not capable of doing the needed cryptographic protection.
Sent from Cisco Technical Support iPad App -
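The encapsulation order from the two threads above (GRE first, then encryption, versus a plain GRE tunnel with no crypto statements), as an added example that is not part of the original posts: it builds both packet layouts and reports what an on-path observer can read from each. The addresses, the SPI, the use of transport-mode ESP and the placeholder bytes standing in for ciphertext are all assumptions made for the illustration.

```python
import socket
import struct

PROTO_GRE, PROTO_ESP, PROTO_EIGRP = 47, 50, 88

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def gre(payload):
    """Basic GRE header: no optional fields, protocol type 0x0800 (IPv4)."""
    return struct.pack("!HH", 0, 0x0800) + payload

def esp(spi, seq, opaque):
    """ESP header: SPI and sequence number are cleartext, the rest is opaque."""
    return struct.pack("!II", spi, seq) + opaque

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:])

def classify(pkt):
    """Report what an on-path observer can read from one captured packet."""
    src, dst, proto, body = parse_ipv4(pkt)
    seen = {"outer": (src, dst), "protection": "not-a-tunnel", "inner": None}
    if proto == PROTO_ESP:
        seen["protection"] = "esp"
        seen["spi"] = struct.unpack("!I", body[:4])[0]
    elif proto == PROTO_GRE:
        seen["protection"] = "none"
        flags, ptype = struct.unpack("!HH", body[:4])
        # Skip optional checksum (C), key (K) and sequence (S) fields.
        off = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
        if ptype == 0x0800:
            seen["inner"] = parse_ipv4(body[off:])[:3]
    return seen

# Constructed sample traffic: an EIGRP hello to 224.0.0.10 inside a tunnel.
INNER = ipv4("10.4.0.1", "224.0.0.10", PROTO_EIGRP, b"\x02\x05" + bytes(18))
PLAIN = ipv4("192.0.2.1", "198.51.100.1", PROTO_GRE, gre(INNER))
# Placeholder ciphertext: same length as the GRE packet, no real encryption.
PROTECTED = ipv4("192.0.2.1", "198.51.100.1", PROTO_ESP,
                 esp(0x1001, 1, b"\xa5" * len(gre(INNER))))

if __name__ == "__main__":
    for name, pkt in (("plain GRE", PLAIN), ("GRE over IPsec", PROTECTED)):
        print(name, classify(pkt))
```

With plain GRE the inner addresses and the routing protocol are readable from the wire; with ESP in front, only the tunnel endpoints and the SPI are.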
Looking for a better solution that tunnel interface
Hi
Actually I have a VSAT connection between my remote site and central office.
On both sites we have a router and a sat modem.
I have now a tunnel interface between my two routers, I am looking for a better idea.
hi...
so you have tunnel interface between your two router so now what are you looking for...?
secure IPsec connection or what???
please explain in detail
regards
Devang -
WCCP Creates additional tunnel interfaces
Hi,
I'm having 2911 routers with Cisco WAAS module installed. While configuring WCCP on the 2911 router, I see additional tunnel interfaces get automatically created once I issue ip wccp 61 and ip wccp 62.
It gives these tunnel ip address from 172.16.0.0 block.
for that these tunnels are required ??
The tunnels are created automatically to process outgoing GRE encapsulated traffic for WCCP. They appear when a WCCP client connects and requests GRE redirection. There is one tunnel created per service group that is using GRE redirection, plus one additional tunnel to provide an IP address to allow the other tunnel group interfaces to be unnumbered but still enabled for IPv4.
Regards,
Zach -
DLSW and Tunnel Interfaces problem
We have a pair of routers with tunnel interfaces and DLSW between them.
Sometimes the tunnel interface goes down, thus losing service through DLSW.
Is there any problem reported between DLSW and this kind of tunnel interface?
Hi,
I assume you are using dlsw tcp peers.
In general dlsw does not know over what infrastructure the connection really runs. Dlsw gives data to tcp and tcp is responsible for doing the actual transmission.
I don't know of any problems with dlsw and tunnel interfaces in general.
Some more information might help to understand the problem.
What type of tunnel are you using? GRE?
What version of ios are you running?
Do you use additional encapsulation overhead like ipsec etc.?
Does tcp on this router use path mtu discovery?
thanks...
Matthias -
Can you add routes to use ipsec0 interface on SRP521W?
I bought a couple of these to trial for location to remote telemedicine sites. However I am only able to route one network range over the IPSec VPN. I have to route multiple network ranges, and I am not able to make any modifications to the static routes for the ipsec0 interface, only WAN1 and LAN1. Ideally, I would change the default route to use ipsec0. But if that isn't an option, then just add specific ranges.
Can anyone help with this?
Thanks,
Jim
That sucks. I have never used a GRE tunnel before, I tried yesterday building one to my Nexus 7010 with no success. It seems like it would be so easy if I could just get the option to select the ipsec0 interface when adding static routes.
Can you recommend the next step router or firewall I could use to be able to send all traffic over the VPN, or at least add additional routes or network lists to send over the VPN? I am assuming the ASA 5505 would work perfectly, but I was hoping for a more budget conscious option as we'll have these all over town.
Otherwise, if anyone can give me tips or suggestions on how to build the GRE tunnel from the SRP521W to a Nexus 7010 that would be great.
Thanks,
Jim -
Regarding no ip route-cache on Cisco 2960
The users have been complaining about network slowness. After checking each layer 2 switch, I found that under each VLAN the no ip route-cache is configured. The module is 2960. I am not sure if the command is there by default or configured manually; it is configured under the VLAN interface only, not under each interface. Will this be the reason that is causing the slow performance? By the way, will there be downtime from removing this command?
Thanks
Network latency is hard to troubleshoot.
-Isolate which customers are complaining about slow services
-ID the services (is it just shared drive access or just web access or is it everything across the board)
If it's the entire network, you probably have issues at the core or backbone so start looking for something that changed or is not meshing with the original design baseline.
If it's isolated to one leg of the network, you can look at interface counters for errors or protocol implementations (maybe STP reconverged to a new link that is slower or root bridge problems are occurring).
You can also look at the CPU on the switches supporting the laggy hosts. If it's through the roof, then you probably have a loop or broadcast storm.
Hope this helps, but latency is really hard to troubleshoot until you can isolate the problem down.
Also, ip route-cache is just a higher level of switching. The 2960 is perfectly capable of switching traffic for all of its user ports with the default switching method. -
Where did these tunnel interfaces come from?!?
Hello,
just wondering why one of our routers creates tunnel interfaces dynamically.
I was setting up a GRE tunnel to transport multicast traffic over network. After I was done, I found two extra tunnel interfaces with command show ip interfaces brief and those extra interfaces uses my original tunnel interface as their IP addresses. There is no any configuration regarding to these extra interfaces in running config. How did this happen? Any explanations? Is it relating somehow to my multicast solution?
If I got two dynamically created tunnels does that mean that I have at least two concurrent multicast groups on my router in active state?
Sorry for dummy questions but I have almost zero experience what comes for multicast and last time I studied it in school about 8 year ago...
-JJ
Hi,
These are created dynamically, one to encapsulate multicast packets and the other one to decapsulate. You can see them with the command < show ip pim tunnel > . You can find the description and purpose of these tunnels here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710
Hope this helps,
Jose. -
Odd Tunnel Interface behavior - one end requires "no keepalive"
Here's the quick version. Tunnel between sites A & B. This is GRE o IPSEC, but I don't think that's the issue. Tunnel comes up and works great when: site A has no keepalives and site B has no keepalives, and it works when Site A has keepalives turned on and Site B does not. The moment I turn on keepalives on site B, the tunnel goes down.
This isn't a simple config. Site A is an MPLS PE, meaning the Tunnel interface is configured with an fVRF and iVRF. Site B has no VRF's - it is the CE.
Any ideas on how to fix? I need Site B's Tunnel interface to go down when connectivity fails. My current workaround is to use EIGRP to update the routing tables. I need to be able to support redundant paths with static and floating routes.
Like this;
Core1-r1#sh access-list ironport2
Extended IP access list ironport2
10 deny tcp host 10.247.254.174 any
20 deny tcp any 192.168.0.0 0.0.255.255
30 deny tcp any 10.0.0.0 0.255.255.255
40 deny tcp host 10.230.3.250 any
50 permit tcp 10.139.60.0 0.0.0.255 any (119568304 matches)
60 permit tcp 10.230.32.0 0.0.0.255 any (9290669 matches)
70 permit tcp host 10.230.48.12 any (141403 matches)
80 permit tcp host 10.230.36.62 any (1456 matches)
90 permit tcp host 10.150.18.7 any (741 matches)
Core1-r1#
10= P1 interface
20= network we don't want to be sent to ironport
30= " "
40= M1 interface
50->90=All testing subnets to go to ironport
Thanks for the feedback! jc -
Dynamic virtual tunnel interface on 2821
I tried to configure a dynamic virtual tunnel interface on a Cisco 2821 with release 12.4(9)T1 advanced ip services, aiming to terminate VPN client ipsec tunnels on it.
The feature is supported by this software release. Documentation says:
- enter configuration
- configure a virtual-template interface
- type "tunnel mode <mode>"
but the router does not accept this command.
Any hint?
Thank you in advance.
Denis
Try:
just have to take a look at the concentrator's configuration.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801ae24c.shtml
and this one is an example with routers
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080143b0a.shtml -
Netflow with tunnel interfaces
Hi, I have a customer who is using tunnel interfaces with IPSEC on their WAN. They are collecting Netflow stats and exporting them to a server. Under the tunnel interface I have specified the bandwidth to be 1000. When I did not specify the bandwidth the tunnel speed came up on the management software as being 9kb. This was obviously not a true reflection when observing the data. The far end remote office is terminating via dsl and my question is should I specify the bandwidth under the tunnel interface to be closer to the dsl connection they have there, i.e. 512k? There are many other tunnels coming from the main site and I have not configured Netflow on this particular remote end.
Hi Justin,
If we define bandwidth on the tunnel interface it will manipulate routing decisions also, and a tunnel recursion issue could also occur where the tunnel would see that the best way to reach the destination is via the tunnel itself. Besides that, the actual bandwidth used by the tunnel is based on the physical interface associated with it. -
EEM Tracking two tunnel interfaces at the same time
Hi Everyone,
Luckily I just got introduced to EEM lately, and I was wondering how much of a life saver this would be in a lot of environments.
I am trying to write an EEM applet to monitor two out of three tunnel interfaces; if they went down I'd like to perform an action on the third interface.
I went through online posts and saw there was "event track" under the EEM, but when I log in to any of my routers I can't see this, I don't get the option track.
Here is what I want to do:
monitor tunnel 100 and tunnel 200 - if the line protocol went down or there is no routing information received on them, the action is to unshut tunnel 300 and tunnel 400
Thanks guys for help in advance
Hi,
Here is an example that does something similar:
track 10 interface Ethernet0/0 line-protocol
 delay up 10
track 11 interface Ethernet0/1 line-protocol
 delay up 10
track 12 interface Ethernet0/2 line-protocol
 delay up 10
track 13 interface Ethernet0/3 line-protocol
 delay up 10
track 19 list threshold percentage
 object 10
 object 11
 object 12
 object 13
 threshold percentage down 51 up 100
event manager applet DOWN
 event track 19 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 2.0 cli command "int lo100"
 action 2.1 cli command "shut"
 action 9.0 syslog priority alerts msg "SWITCHOVER TRIGGER"
event manager applet UP
 event track 19 state up
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 2.0 cli command "int lo100"
 action 2.1 cli command "no shut"
 action 9.0 syslog priority alerts msg "PREEMPT TRIGGER"