gated and ios: OSPF over ipip-tunnel

gated and ios: OSPF over ipip-tunnel

Post by Vladimir Melni » Thu, 08 Nov 2001 04:32:06



Hello.
I have a question, is there anybody who established ospf-relations
between cisco-26xx (ios 12.1(5)T8) and gated-public-3_6 over
ipip-tunnel?
(sorry for my English)
something goes wrong with me, i'll describe.
when I'm running `tcpdump -i tunl1` on my linux-box, I see all ospf
hello-packets entering this tunnel and the same quantity of cisco's
ospf packets.
When i'm looking at syslog of 'debug ip packet ...', i see the same
cisco's hello's entering this tunnel, but no gated's packets coming
out.
tcp, udp and icmp traffic works just fine.
What can be wrong?

--
V.Melnik

 
 
 

gated and ios: OSPF over ipip-tunnel

Post by Vladimir Melni » Fri, 09 Nov 2001 04:04:12


Don't answer, now I know, what was wrong.

If it will interesting for anybody.
iptunnel-1.01 sets ttl-parameter ti "inherit" by default.
it means, all ipip-packets will inherit ttl from ip-packets which them
has inside.
So.
/sbin/iptunnel change tunlX \
        mode ipip \
        ttl `sysctl -a | sed -ne 's/^net.ipv4.ip_default_ttl = //p'`
And your ospf will alive, your traceroute (as another ttl-oriented
program) will be fine and clean.

 VM> Hello.
 VM> I have a question, is there anybody who established ospf-relations
 VM> between cisco-26xx (ios 12.1(5)T8) and gated-public-3_6 over
 VM> ipip-tunnel?
 VM> (sorry for my English)
 VM> something goes wrong with me, i'll describe.
 VM> when I'm running `tcpdump -i tunl1` on my linux-box, I see all ospf
 VM> hello-packets entering this tunnel and the same quantity of cisco's
 VM> ospf packets.
 VM> When i'm looking at syslog of 'debug ip packet ...', i see the same
 VM> cisco's hello's entering this tunnel, but no gated's packets coming
 VM> out.
 VM> tcp, udp and icmp traffic works just fine.
 VM> What can be wrong?

--
V.Melnik

 
 
 

1. ipip tunnel won't tunnel

It is entirely possible that I'm just really thickheaded, and I'm not
getting something very fundamental, but either way I've got big problems
with ipip tunneling between a cisco with a network behind it and a linux
machine with a network behind it.

Here's the deal:
I have a network 111.111.111.0 netmask 255.255.255.192 that lives behind
the ehternet0 of a cisco with an address of 111.111.111.1 netmask
255.255.255.192. The serial side of the cisco lives at 222.222.222.1
netmask 255.255.255.252.

I have a network at the linux machine (2.0.34) that has a serial (ppp)
connection of 333.333.333.1 netmask 255.255.255.0 (sorry, you'll have to
put up with the 333's for now) and on the ethernet 0 side of the linux
box, i have 3 machines.

I want these three machines to have addresses in the network
111.111.111.64 netmask 255.255.255.192 (subnet of the class C from
ethernet 0 of the cisco, above).

Here's what I've told the cisco:
interface tunnel 0
ip address 111.111.111.65 255.255.255.192
tunnel source serial 0
tunnel destination 333.333.333.1 (this is the last time you have to
cringe over 333's)
tunnel mode ipip

Here's what I've told the linux machine
ifconfig tunl0 111.111.111.66 netmask 255.255.255.192
ifconfig eth0 111.111.111.66 netmask 255.255.255.192 (same ip as tunl0)

Now, at this point, sometimes I can ping 111.111.111.66 from the cisco,
but only once.  After the first time, I can never get a second shot.

I've also attempted this on the linux machine
ifconfig tunl0 111.111.111.66 netmask 255.255.255.192
ifconfig eth0 111.111.111.67 netmask 255.255.255.192 (diff ip, same net
as tunl0)

I've also attempted this on the linux machine
ifconfig tunl0 111.111.111.65 netmask 255.255.255.192 (same ip as
cisco's tunnel 0)
ifconfig eth0 111.111.111.66 netmask 255.255.255.192 (diff ip, same net
as tunl0)

and, yes, I've also attemted this on the linux machine
ifconfig tunl0 111.111.111.65 netmask 255.255.255.192 (same ip as
cisco's tunnel 0)
ifconfig eth0 111.111.111.65 netmask 255.255.255.192 (same ip as tunl0)

Sooner or later, all of these configurations route me out of the cisco
(I sit at the linux machine and have to drive to work to reset the
router [this gets very old very fast])

All of these configurations have been awfully close, though, I think.  I
think so, because I can usually manage a traceroute or a ping before the
whole work locks up.

I'm stumped.  All I want to do is route the .64 network from work to
here (home [yes, it's legit]).  All IP addresses used in this example
are to be considered real addresses (changed to protect the guilty).

I'll email a beer to the first person who comes up with an acceptable
solution.  I'm desparate, although that could just be from driving into
work 4 times today to reset the cisco...

I'd appreciate any help.

Jeff...

2. Basic Compiler/Basic-to-C Compiler

3. Does Linux IPIP tunnelling work with Cisco NOS tunnels?

4. Is this a "safe" rm?

5. OSPF problems, gated+gated+Cisco

6. Compress / Archive

7. IPSec tunnel between Cisco IOS 12.1 and OpenBSD 2.7

8. Problems with pcmcia "wireless".

9. ipip tunnels

10. IPIP tunnels

11. IPIP Tunnelling "Network is Unreachable"

12. IPIP Tunnel difficulties. Help anyone?

13. RTFM doesn't help on ipip tunneling