I would like to establish a GRE Tunnel connection between a Cisco CSR1000v and an EC2 instance that runs Ubuntu 18.04.02 LTS Linux 4.15.

In R1 CSR1000v the configuration is the following:

```
interface Tunnel99
 ip address 10.10.10.2 255.255.255.0
 keepalive 2 3
 tunnel mode gre ip
 tunnel source GigabitEthernet1
 tunnel destination 54.148.34.17
 tunnel path-mtu-discovery
end
```

The tunnel interface description is the following:

```
Interface          IP-Address      OK? Method Status                Protocol
GigabitEthernet1   172.1.1.7       YES DHCP   up                    up
Tunnel99           10.10.10.2      YES manual up                    down
```

In the EC2 instance, I have the following configuration:

```
modprobe ip_gre
lsmod | grep gr
sudo ip tunnel add gre0 mode gre remote 35.163.97.129 local 172.2.2.11 ttl 255
sudo ip link set gre0 up
ip addr add 10.10.10.1/24 dev gre0
```

The problem is that I couldn't ping the tunnel's interface from either side, and the gre0 interface shows a destination address that is the same as the tunnel's IP address.

```
gre0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 8977
        inet 10.10.10.1  netmask 255.255.255.0  destination 10.10.10.1
        inet6 fe80::200:5efe:ac00:106  prefixlen 64  scopeid 0x20<link>
        unspec AC-00-01-06-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 171  bytes 4104 (4.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 392 (392.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
Khalil Mebarkia
  • `ip addr show dev gre0`? Also you might want to set `tunnel source [egress-ifc-private-ip]` on the CSR. – Michael - sqlbot Apr 11 '19 at 14:43
  • @Michael-sqlbot I don't get the part of setting `tunnel source [egress-ifc-private-ip]` – Khalil Mebarkia Apr 12 '19 at 09:50
  • Disregard that comment, you already set `tunnel source` as the interface and I somehow overlooked that when I made the suggestion. – Michael - sqlbot Apr 12 '19 at 13:55
  • @Michael-sqlbot The problem is that the tunnel protocol is down in the `CSR`. Therefore pinging the tunnel address `10.10.10.2` is unsuccessful and the other side is of course unreachable. However, from the `Linux instance`, pinging the tunnel address `10.10.10.1` is successful – Khalil Mebarkia Apr 12 '19 at 14:04

1 Answer

It turns out that MPLS is not running on the Linux kernel 4.15 in AWS. In order to install Quagga with the LDP daemon that runs SR MPLS from one VM to another, the kernel must be updated, or you need Linux 4.5 or later.

Khalil Mebarkia
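
One way to check the kernel-support point raised in the answer above, as an added example that is not part of the original post: the script reads a kernel build config on stdin and reports whether the GRE and MPLS options are enabled. The function names and the sample config are constructed for this example; the `CONFIG_*` symbols are upstream Linux Kconfig names.

```shell
#!/bin/sh
# Added example: report whether a kernel build config enables the options
# that GRE tunnels and MPLS forwarding depend on.
# On a real host, feed it the running kernel's config, e.g.:
#   check_kernel_config < "/boot/config-$(uname -r)"

# Upstream Kconfig symbols for GRE over IPv4 and for MPLS.
REQUIRED_OPTS="CONFIG_NET_IPGRE CONFIG_MPLS CONFIG_MPLS_ROUTING CONFIG_MPLS_IPTUNNEL"

# Constructed sample: GRE built as a module, MPLS routing not enabled.
sample_config() {
cat <<'EOF'
CONFIG_NET_IPGRE=m
CONFIG_MPLS=y
# CONFIG_MPLS_ROUTING is not set
EOF
}

# Reads a kernel config on stdin and prints one "SYMBOL state" line per
# option, where state is y (built in), m (module) or missing.
# Returns 1 if any option is missing, 0 otherwise.
check_kernel_config() {
    cfg=$(cat)
    rc=0
    for opt in $REQUIRED_OPTS; do
        # Match "SYMBOL=y" or "SYMBOL=m" exactly; "# SYMBOL is not set"
        # and absent symbols both count as missing.
        state=$(printf '%s\n' "$cfg" | sed -n "s/^${opt}=\([ym]\)\$/\1/p" | head -n 1)
        echo "$opt ${state:-missing}"
        if [ -z "$state" ]; then rc=1; fi
    done
    return "$rc"
}

# Stand-alone run against the constructed sample.
sample_config | check_kernel_config || echo "sample: at least one option is missing"
```

An option reported as `m` still needs its module file installed for `modprobe` to load it.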