'no ip route-cache' on Tunnel interfaces

Similar Messages

• Mystery Tunnel Interfaces on 2921 Router

  Hi All,
  I need some help.
  For some reason it seems we have 3 Tunnel interfaces on the router, not sure how it got there but we are unable to delete them or configure them.
  They seem to take the loopback ip as source and if I delete the loopback interface it chooses another IP.
  Output from sh ip int brief, not sure where it gets those IP's from as well.
  Tunnel0                    172.16.0.1      YES unset  up                    up     
  Tunnel1                    172.16.0.1      YES unset  up                    up     
  Tunnel2                    172.16.0.1      YES unset  up                    up    
  See below when I try to enter interface config mode:
  Router1(config)#int tunnel 0
  % This interface cannot be modified
  Any suggestions or help will be appreciated.
  Regards
  Z

  Hi Zubair,
  this is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.
  you can find more info here:
  https://supportforums.cisco.com/docs/DOC-15782
  thanks,
  Fabrizio

• Ip route cache

  Is there any benifit of using this command, is it by default on ?

  HI Carl,
  It enabled fast switching.
  There are differet switching methods which can be used,To control the use of switching methods for forwarding IP packets use the ip route-cache command in interface configuration mode.
  Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis rather than on a per-packet basis. The ip route-cache command with no additional keywords enables fast switching.
  Check this link for more details
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hisw_r/ips_a1h.htm#wp1160847
  HTH
  Ankur

• Tunnel interface to physical interface

  Hi All,
  I was wondering if it is possible to build a site to site vpn connection one side using tunnel interface and the other end using a physical interface.
  My plan is to use a 3945 router, build multiple tunnel interfaces on the router to connect 50 clients. By using tunnel interface on the router i could leverage on the vrf feature to isolate clients  but if i use tunnel interface on my end  i am not certain if the tunnel will come up if my client is using 1) ASA 2) PIX 3) vpn concentrator - which doesnt support tunnel interface.
  Thanks for your help in advance.
  Lou

  Mark Mattix wrote:I did some reading on EIGRP and is it correct that the EIGRP Header and Payload (TLV) are encapsulated in an IP packet and addressed to the address, 224.0.0.10? Is this the reason why multicast traffic must be encapsulated first in GRE to travel over the internet? Olivier Pelerin> This is correct
  When I set up a site to site VPN using GRE tunnels and an IPSec config on the interfaces would this be considered, IPSec over GRE, or GRE over IPSec? I don't understand that difference.
  Olivier Pelerin> See the diagram below - this explain GRE over IPSEC. That's a diagram I did here for a training
  On the example packet I posted above, is the public address that's routed over the internet part of the IPSec packet/suite? I guess a better question is, what portions of the packet make up IPSec and which portion is just regular IPv4 addressing?
  Olivier Pelerin> the diagram below should answer that
  I've been wrong in thinking that GRE and IPSec go hand in hand when infact it's possible to only use IPSec and no type of tunnel. If IPSec is set up on the interfaces and the tunnels are configured at both end points, what does your information first get encapsulated by, GRE or IPSec? In your example packet format Olpeleri, is looks like the IP packet is first encapsulated in GRE then encapsulated by IPSec. Is this correct? If so when information leaves our LAN and heads to the internet, does it first go through the tunnel to be encapsulated by GRE then out the physical link that adds the IPSec encapsulation?
  Olivier Pelerin> Correct. GRE first then encryption
  Sorry for all these questions, I'm just trying to learn how this works! Thanks again for the help!
  [red = encrypted]

• Using Tunnel interface on Router

  Hi Everyone,
  I see hew Tunnel  interface on Router.
  Router is Running OSPF.
  It has no crypto statemets.
  tunnel configuration
  interface Tunnel1
  ip address 10.4.x.x x.x.x.x
  delay 7
  tunnel source Loopback1
  tunnel destination 10.4.x.x
  My question is when we use Tunnel interface without any crypto statemets?
  Thanks
  MAhesh

  This Tunnel is a plain GRE-Tunnel. These are typically used without crypto when:
  1) The traffic is not sent through an untrusted network and a cryptographic protection is not needed.
  2) The GRE-traffic gets encrypted on a separate device if the GRE-Endpoint is not capable of doing the needed cryptographic protection.
  Sent from Cisco Technical Support iPad App

• Looking for a better solution that tunnel interface

  Hi
  acctualy I have a Vsat connection between my remote site and central office
  on both site we have router and sat modem
  I have now a tunnel interface between my two routers,I am looking for a better idea,,

  hi...
  so you have tunnel interface between your two router so now what are you looking for...?
  secure IPsec connection or what???
  please explaine in details
  regards
  Devang

• WCCP Creates additional tunnel interfaces

  Hi,
  I'm having 2911 routers with Cisco WAAS module installed. While configuring the WCCP on the 2911 router, I see additional interface tunnels gets automatically created once I issue ip wccp 61 and ip wccp 62.
  It gives these tunnel ip address from 172.16.0.0 block.
  for that these tunnels are required ??

  The tunnels are created automatically to process outgoing GRE encapsulated traffic for WCCP.  They appear when a WCCP client  connects and requests GRE redirection.  There is one tunnel created per service group that is using GRE redirection, plus one additional tunnel to provide an IP  address to allow the other tunnel group interfaces to be unnumbered but still enabled for IPv4.
  Regards,
  Zach

• DLSW and Tunnel Interfaces problem

  We have a pair of routers with tunnel interfaces and DLSW between them.
  Some times the tunnel interface goes down thus loosing service trough DLSW.
  Is there any problem reported between DLSW and this kind of tunel interfaces ?

  Hi,
  i assume you are using dlsw tcp peers.
  In general dlsw does not know over what infrastucture the connection really runs. Dlsw gives data to tcp and tcp is responsible for doing the actual transmission.
  I dont know of any problems with dlsw and tunnel interfaces in general.
  Some more information might help to understand the problem.
  What type of tunnel are you using? GRE?
  What version of ios are you running?
  Do you use additional encapsulation overhead like ipsec ect?
  Does tcp on this router use path mtu discovery?
  thanks...
  Matthias

• Can you add routes to use ipsec0 interface on SRP521W?

  I bought a couple of these to trial for location to remote telemedicine sites.  However I am only able to route one network range over the IPSec VPN.  I have to route multiple network ranges, and I am not able to make any modifications to the static routes for the ipsec0 interface, only WAN1 and LAN1.  Ideally, I would change the default route to use ipsec0.  But if that isn't an option, then just add specific ranges. 
  Can anyone help with this?
  Thanks,
  Jim

  That sucks.  I have never used a GRE tunnel before, I tried yesterday building one to my Nexus 7010 with no success.  It seems like it would be so easy if I could just get the option to select the ipsec0 interface when adding static routes.
  Can you recommend the next step router or firewall I could use to be able to send all traffic over the VPN, or at least add additional routes or network lists to send over the VPN?  I am assuming the ASA 5505 would work perfectly, but I was hoping for a more budget concious option as we'll have these all over town.
  Otherwise, if anyone can give me tips or suggestions on how to build the GRE tunnel from the SRP521W to a Nexus 7010 that would be great.
  Thanks,
  Jim

• Regarding no ip route-cache on Cisco 2960

  The users have been complaining about the network is slowness , after checking each lay2 switches, I found under each vlan the no ip route-cache is configured, the module is 2960, I am not sure if the command is there by default or configured manually, it is configured under the vlan interface only, not under each interface, will this be the reason that causing the slow performance? by the way will there be downtime by removing this command?
  Thanks

  Network Latency is hard to troubleshoot.
  -Isolate which customers are complaining about slow services
  -ID the services(is is just shared drive access or just web access or is it everything accross the board)
  If its the entire network, you probably have issues at the core or backbone so start looking for something that changed or is not meshing with the original design baseline.
  If its isolated to one leg of the network, you can look at interface counters for errors or protocol implementations(maybe STP reconverged to a new link that is slower or root bridge problems are occuring.
  You can also look at the CPU on the switches supporting the laggy hosts.  If its through the roof, then you probably have a loop or broadcast storm.
  Hope this helps, but latency is really hard to troubleshoot until you can isolate the problem down.
  Also, ip route-cache is just a higher level of switching.  The 2960 is perfectly capable of switching traffic for all of its user ports with the default switching method.

• Where did these tunnel interfaces come from?!?

  Hello,
  just wondering why one of our routers creates tunnel interfaces dynamically.
  I was setting up a GRE tunnel to transport multicast traffic over network. After I was done, I found two extra tunnel interfaces with command show ip interfaces brief and those extra interfaces uses my original tunnel interface as their IP addresses. There is no any configuration regarding to these extra interfaces in running config. How did this happen? Any explanations? Is it relating somehow to my multicast solution?
  If I got two dynamically created tunnels does that mean that I have at least two concurrent multicast groups on my router in active state?
  Sorry for dummy questions but I have almost zero experience what comes for multicast and last time I studied it in school about 8 year ago...
  -JJ

  Hi,
  These are created dynamically, one to encapsulate multicast packets and the other one to decapsulate. You can see them with the command < show ip pim tunnel > . You can find the description and purpose of these tunnels here:
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710
  Hope this helps,
  Jose.

• Odd Tunnel Interface behavior - one end requires "no keepalive"

  Where's the quick version.  Tunnel between sites A & B.  This is GRE o IPSEC, but I don't think that's the issue.  Tunnel comes up and works great when:  site A has no keepalives and site B has no keepalives,  and it works when Site A has keepalives turned on and Site B does not.  The moment I turn on keepalives on site B, the tunnel goes down.
  This isn't a simple config.  Site A is an MPLS PE, meaning the Tunnel interface is configured with an fVRF and iVRF.  Site B has no VRF's - it is the CE.
  Any ideas on how to fix?  I need Site B's Tunnel interface to go down when connectivity fails.  My current workaround is to use EIGRP to update the routing tables.  I need to be able to support redundant paths with static and floating routes.

  Like this;
  Core1-r1#sh access-list ironport2
  Extended IP access list ironport2
      10 deny tcp host 10.247.254.174 any
      20 deny tcp any 192.168.0.0 0.0.255.255
      30 deny tcp any 10.0.0.0 0.255.255.255
      40 deny tcp host 10.230.3.250 any
      50 permit tcp 10.139.60.0 0.0.0.255 any (119568304 matches)
      60 permit tcp 10.230.32.0 0.0.0.255 any (9290669 matches)
      70 permit tcp host 10.230.48.12 any (141403 matches)
      80 permit tcp host 10.230.36.62 any (1456 matches)
      90 permit tcp host 10.150.18.7 any (741 matches)
  Core1-r1#
  10= P1 interface
  20= network we don't want to be sent to ironport
  30= " "
  40= M1 interface
  50->90=All testing subnets to go to ironport
  Thanks for the feedback! jc

• Dynamic virtual tunnel interface on 2821

  I tried to configure a dynamic virtual tunnel interface on a Cisco 2821 with release 12.4(9)T1 advanced ip services, aiming to terminate VPN client ipsec tunnels on it.
  The feature is supported by this software release. Documentation says:
  - enter configuration
  - configure a virtual-template interface
  - type "tunnel mode <mode>"
  but the router does not accept this command.
  Any hint?
  Thank you in advance.
  Denis

  Try:
  just have to take a look at the concentrator's configuration.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801ae24c.shtml
  and this one is an example with routers
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080143b0a.shtml

• Netflow with tunnel interfaces

  Hi I have a customer who is using tunnel interfaces with IPSEC on their WAN. They are collecting Netflow stats and exporting them to a server.Under the tunnel interface I have specified the bandwidth to be 1000.When I did not specify the bandwidth the tunnel speed came up on the management software as being 9kb. This was obviously not a true reflection when observing the data. The far end remote office is terminating via dsl and my question is should I specify the bandwidth under the tunnel interface to be closer to the dsl connection they have there ie 512k? There are many other tunnels coming from the main site and I have not configured Netflow on the this particular remote end.

  Hi Justin,
  If we would define bandwidth on tunnel interface it will manipulate routing decisions also and tunnel recursiuon issue could also occur where tunnel would see that the best way to reach teh destination is via tunnel itself. Beside taht the actual bandwidth used by the tunnel is based on the physical interface associated with it.

• EEM Tracking two tunnel interfaces at the same time

  Hi Everyone,
  luckly i just got introduced to EEM lately, and i was wondering how life saver this would be in alot of enviroments..
  I am trying to write an EEM to monitor two out of three tunnel interfaces if they went down i'd like to perform an action on the third interface.
  i went through online posts and saw there was "event track" under the EEM, but when i login to  any of my routers i can't see this, i dont get the option track.
  here is what i want to do..
  monitor tunnel 100 and tunnel 200 - if the line protocol went down or there are no routing information recieved on them action is to unshut tunnel 300 and tunnel 400
  thanks guys for help in advance

  Hi,
  Here is an example that does something similar:
  track 10 interface Ethernet0/0 line-protocol
  delay up 10
  track 11 interface Ethernet0/1 line-protocol
  delay up 10
  track 12 interface Ethernet0/2 line-protocol
  delay up 10
  track 13 interface Ethernet0/3 line-protocol
  delay up 10
  track 19 list threshold percentage
  object 10
  object 11
  object 12
  object 13
  threshold percentage down 51 up 100
  event manager applet DOWN
  event track 19 state down
  action 1.0 cli command "enable"
  action 1.1 cli command "conf t"
  action 2.0 cli command "int lo100"
  action 2.1 cli command "shut"
  action 9.0 syslog priority alerts msg "SWITCHOVER TRIGGER"
  event manager applet UP
  event track 19 state up
  action 1.0 cli command "enable"
  action 1.1 cli command "conf t"
  action 2.0 cli command "int lo100"
  action 2.1 cli command "no shut"
  action 9.0 syslog priority alerts msg "PREEMPT TRIGGER“