GRE Keepalive does not work
SOLUTION Verified - Updated July 17, 2013 at 18:56 - English
Environment
Red Hat Enterprise Linux
GRE Tunnel to remote device, such as Cisco router
GRE Keepalives configured on remote device
Issue
Configuring GRE Keepalives between a network device (such as a Cisco router) and a RHEL system results in the keepalives being dropped by the Linux machine, and the network device considering the tunnel down.
Resolution
Linux does not support GRE Keepalives.
You may disable GRE Keepalives on the remote device, or use a workaround such as an IP SLA ping down the GRE tunnel.
Root Cause
A GRE Keepalive is a "host to router" GRE packet encapsulated inside a "router to host" GRE packet. The idea is that the host (in this case Linux) receives the packet, sees that the inner packet is actually a GRE packet for the router, and sends it back out. The router receives this packet and knows the remote end is still responding.
The Linux FIB code is such that if it receives traffic where the source is a local unicast address, the traffic is considered invalid.
Observe the following code:
net/ipv4/fib_frontend.c

    if (res.type != RTN_UNICAST) {
        if (res.type != RTN_LOCAL || !accept_local)
            goto e_inval_res;
    }

A GRE tunnel is not "stateful": there is no handshake or negotiation, just one side sending encapsulated packets and one side accepting encapsulated packets. As long as the network between the two sides stays up, the tunnel is up. Lack of Keepalives doesn't mean the tunnel is "down", just that you have no knowledge of the network state of the remote system. You could monitor this on the router with IP SLA, or monitor the remote end separately outside the tunnel.
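
The following is an added example, not code from Red Hat or the kernel: it builds a constructed keepalive with the nesting described above, parses it the way a capture analysis would, and models the quoted source check. The addresses, the function names and the set of local addresses are assumptions made for the illustration.

```python
import socket
import struct

GRE = 47            # IP protocol number for GRE
ETH_P_IP = 0x0800   # GRE protocol type for an IPv4 payload

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def gre(ptype, payload=b""):
    """Basic 4-byte GRE header: no checksum, key or sequence fields."""
    return struct.pack("!HH", 0, ptype) + payload

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:])

def inspect(pkt, local_addrs, accept_local=False):
    """Return (is_keepalive, passes_source_check) for a received GRE packet."""
    o_src, o_dst, o_proto, body = parse_ipv4(pkt)
    flags, ptype = struct.unpack("!HH", body[:4])
    if o_proto != GRE or ptype != ETH_P_IP or flags & 0xB000:
        raise ValueError("not a basic GRE packet carrying IPv4")
    i_src, i_dst, i_proto, _ = parse_ipv4(body[4:])
    # Keepalive shape: the inner packet is GRE addressed back to the sender,
    # with this host's own tunnel address as its source.
    is_keepalive = i_proto == GRE and i_src == o_dst and i_dst == o_src
    # Model of the quoted check: a source that resolves to a local address
    # is invalid unless accept_local is set.
    passes = i_src not in local_addrs or accept_local
    return is_keepalive, passes

# Constructed sample data (documentation address ranges).
ROUTER, LINUX = "192.0.2.1", "198.51.100.2"
KEEPALIVE = ipv4(ROUTER, LINUX, GRE,
                 gre(ETH_P_IP, ipv4(LINUX, ROUTER, GRE, gre(0))))
TUNNELED_PING = ipv4(ROUTER, LINUX, GRE,
                     gre(ETH_P_IP, ipv4("10.0.0.1", "10.0.0.2", 1, b"ping")))

if __name__ == "__main__":
    for name, pkt in (("keepalive", KEEPALIVE), ("ping", TUNNELED_PING)):
        print(name, inspect(pkt, {LINUX, "10.0.0.2"}))
```

Ordinary tunneled traffic passes the check because its inner source belongs to the remote side, while the keepalive's inner source is the receiving host's own address.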
Diagnostic Steps
Cisco GRE Keepalive documentation:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008048cffc.shtml#t5
Linux GRE documentation:
http://lartc.org/lartc.html#LARTC.TUNNEL.GRE