Problems with if_gre

Bruce M Simpson bms at spc.org
Tue Sep 2 15:10:50 PDT 2003


Hi all,

First of all, apologies for the length of this mail - it is quite voluminous
as I'm trying to pack in all required information.

I don't seem to be able to achieve an end-to-end path between my Cisco
2520 and my laptop running FreeBSD 5.1-RELEASE using the GRE tunneling
protocol. Before I delve in and start touching code, I wanted to run this
all by you first.

I've had some weird problems with if_gre not getting the route correct
if interface parameters aren't configured in a strict order (inner tunnel
addresses *first*, outer addresses *last*). I've observed behaviour such
as the GRE tunneling code ARPing out for addresses that are already in
the routing table.

Right now I'd just like for these two machines to talk to each other
over GRE. There is no problem with end-to-end IP connectivity - both are
on the same ethernet switch, no vlanning is in use, and ntpd on the FreeBSD
machine is pointed at the Cisco which is in turn getting its ntpd updates
from a public NTP server in the wider Internet.

saboteur:/tftpboot % uname -a
FreeBSD saboteur.dek.spc.org 5.1-RELEASE FreeBSD 5.1-RELEASE #4: Wed Aug 20 07:43:54 BST 2003     root at saboteur.dek.spc.org:/usr/src/sys/i386/compile/SABOTEUR  i386

bms-gre-eth0#sho ver
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(27), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 09-Jun-03 21:39 by srani
Image text-base: 0x0303E2B8, data-base: 0x00001000
...

Say I do this:
    17  22:33   s ifconfig gre0 create
    18  22:33   s ifconfig gre0 172.16.1.2/30 172.16.1.1
    19  22:33   ifconfig -a
    20  22:33   s ifconfig gre0 tunnel saboteur bms-gre-eth0j
    21  22:33   ifconfig -a
    22  22:33   s tcpdump -i gre0

Then I do this:

bms-gre-eth0#sho run
Building configuration...
...
interface Tunnel0
 ip address 172.16.1.1 255.255.255.252
 no ip directed-broadcast
 tunnel source Ethernet0
 tunnel destination saboteur
...
ip classless
...
bms-gre-eth0#sho ip ro
...
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Tunnel0
bms-gre-eth0#sho ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
...
Internet  saboteur             10   0004.765e.ec7d  ARPA   Ethernet0

I see the packets in tcpdump on saboteur:
saboteur:/tftpboot % s tcpdump -i gre0
tcpdump: listening on gre0
22:40:18.871918 172.16.1.1 > 172.16.1.2: icmp: echo request
22:40:18.871957 172.16.1.2 > 172.16.1.1: icmp: echo reply
22:40:20.869234 172.16.1.1 > 172.16.1.2: icmp: echo request
22:40:20.869270 172.16.1.2 > 172.16.1.1: icmp: echo reply

But...
bms-gre-eth0#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Most perplexing. If I look at:

saboteur:/tftpboot % netstat -r
Routing tables
...
bms-gre-eth0         00:50:54:80:06:98  UHLW        1       86    xl0    323
...
172.16.1.1         172.16.1.2         UH          0       15   gre0

Bizarro. Both routing tables look fine.
Now let's try pinging the Cisco from the FreeBSD machine.

saboteur:/tftpboot % ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1): 56 data bytes

saboteur:~ % s tcpdump -i xl0 -p -e ip proto gre
tcpdump: listening on xl0
22:56:12.558538 0:4:76:5e:ec:7d 0:2:b3:8d:23:e4 0800 122: saboteur > bms-eth-gre0: gre 172.16.1.2 > 172.16.1.1: icmp: echo request

So far so good, but no reply.

bms-gre-eth0#show int tunnel0
Tunnel0 is up, line protocol is up 
  Hardware is Tunnel
  Internet address is 172.16.1.1/30
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, rely 255/255, load 1/255
  Encapsulation TUNNEL, loopback not set, keepalive set (10 sec)
  Tunnel source XX.XX.XX.XX (Ethernet0), destination YY.YY.YY.YY
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
  Checksumming of packets disabled,  fast tunneling enabled
  Last input 00:18:41, output 00:17:56, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
  Queueing strategy: fifo
  Output queue 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     28 packets output, 8668 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

YY.YY.YY.YY is saboteur's IP.

saboteur:/tftpboot % ifconfig gre0
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
        inet 172.16.1.2 --> 172.16.1.1 netmask 0xfffffffc 

What's going on? None of the additional RFC 1701 options are in use. This
is just plain old vanilla GRE. Turning off RXCSUM/TXCSUM on the xl0 I'm
using doesn't have any effect.

Any ideas?

BMS
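
Added example, not part of the original post and not FreeBSD's if_gre code: a small C parser for the RFC 1701 GRE header that reports which optional fields are present and where the inner packet starts, which is one way to confirm from captured bytes that a tunnel endpoint is sending option-free GRE as the post describes. The sample byte arrays are constructed, and the names `gre_info`, `gre_parse` and `gre_is_plain_ipv4` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define GRE_C   0x8000  /* RFC 1701 flag bits: checksum present */
#define GRE_R   0x4000  /* routing present */
#define GRE_K   0x2000  /* key present */
#define GRE_S   0x1000  /* sequence number present */
#define GRE_VER 0x0007  /* version, must be 0 */
struct gre_info { uint16_t flags, proto; size_t hdrlen; };

/* Constructed samples (not captured from the hosts in the post). */
static const uint8_t plain_hdr[] = { 0x00, 0x00, 0x08, 0x00, 0x45, 0x00 };
static const uint8_t keyed_hdr[] = { 0x20, 0x00, 0x08, 0x00, 0, 0, 0, 1, 0x45 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if truncated, malformed or not version 0. */
int gre_parse(const uint8_t *b, size_t len, struct gre_info *gi) {
    size_t off = 4;
    if (len < 4) return -1;
    gi->flags = rd16(b);
    gi->proto = rd16(b + 2);                    /* EtherType of the payload */
    if (gi->flags & GRE_VER) return -1;
    if (gi->flags & (GRE_C | GRE_R)) off += 4;  /* checksum + offset words */
    if (gi->flags & GRE_K) off += 4;
    if (gi->flags & GRE_S) off += 4;
    if (off > len) return -1;
    while (gi->flags & GRE_R) {                 /* walk SREs to the null SRE */
        if (len - off < 4) return -1;
        uint16_t af = rd16(b + off);
        uint8_t sre_len = b[off + 3];
        off += 4;
        if (af == 0 && sre_len == 0) break;
        if (len - off < sre_len) return -1;
        off += sre_len;
    }
    gi->hdrlen = off;                           /* inner packet starts here */
    return 0;
}

/* "Plain vanilla" GRE in the post's sense: no optional fields, IPv4 inside. */
int gre_is_plain_ipv4(const struct gre_info *gi) {
    return !(gi->flags & (GRE_C | GRE_R | GRE_K | GRE_S)) && gi->proto == 0x0800;
}

int main(void) {
    struct gre_info p, k;
    if (gre_parse(plain_hdr, sizeof plain_hdr, &p) == 0 &&
        gre_parse(keyed_hdr, sizeof keyed_hdr, &k) == 0)
        printf("plain: hdrlen=%zu vanilla=%d; keyed: hdrlen=%zu vanilla=%d\n",
               p.hdrlen, gre_is_plain_ipv4(&p), k.hdrlen, gre_is_plain_ipv4(&k));
    return 0;
}
```

The input to `gre_parse` is the GRE header itself, that is, the bytes following the outer IP header of a packet matched by a filter such as `ip proto gre`.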


More information about the freebsd-net mailing list