Many network administrators are familiar with generic routing encapsulation (GRE) tunnels, but only a few recognize the danger of a recursive loop in GRE. I am one of those who was not careful 🙂
You can find many RFCs about GRE on http://ietf.org/. RFC 2784, which was derived from RFC 1701 and RFC 1702, is a good place to get basic knowledge of what GRE is. Below I will share just 2 pictures, which show the encapsulated form and the GRE packet header.
As you understand, GRE is a simple tunnel used to connect two points. You can build a VPN or redundant MPLS over this tunnel. I will share a simple GRE configuration and the routes that are used over the main BGP internet uplinks. As you can see from the route table, we are receiving the destination routes from the external BGP peer.
After these few words about GRE, I will go on to recursive loops. In fact, the point to consider before implementing GRE is very simple: what happens if you receive the tunnel destination IP from inside the tunnel? This can easily happen unless you think about dynamic routing preference. You may see my topology below.
In this topology, external BGP is running, and I will use internal BGP and OSPF for redundant MPLS in the GRE tunnel. On Juniper, route preference values are slightly different from Cisco's. So, as you can see from the graphs below, the tunnel destination IP starts to be received from the GRE interface because I advertise directly connected routes through OSPF. Thus the tunnel starts to flap, and this is called a recursive loop.

At first, the external BGP peer is the best route for the tunnel destination IP, and the tunnel comes up. But because directly connected routes are advertised through GRE via OSPF, the route through GRE is then chosen as the best route to the tunnel destination IP. The situation becomes “go inside the tunnel to build this tunnel”. This is impossible, so the tunnel goes down. As soon as it is down, the external BGP peer is the best route again and the tunnel comes up again. The same process then repeats until you make it stop. That is the recursive loop.

I show it from just one router's side; the same events also happen on the opposite side of the tunnel. If you have heavy traffic or complex network protocols, you will be in big trouble once such a situation happens. In my experience, I have seen the rpd value at the 90% level.
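The flap described above can be reproduced with a small route-selection model. This is an added example, not the author's configuration or Juniper code: the prefixes, interface names and the filtering helper are constructed for illustration, the preference table holds the Junos defaults, and the filter models one common mitigation (rejecting the tunnel endpoint prefix from routes learned inside the tunnel).

```python
import ipaddress

# Junos default route preferences (lower wins); Cisco administrative distances differ.
PREF = {"direct": 0, "static": 5, "ospf": 10, "ospf-external": 150, "bgp": 170}

def best_route(rib, dest):
    """Longest-prefix match first, then lowest preference."""
    ip = ipaddress.ip_address(dest)
    cands = [r for r in rib if ip in ipaddress.ip_network(r["prefix"])]
    if not cands:
        return None
    return min(cands, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                     PREF[r["proto"]]))

def simulate(underlay, via_tunnel, tunnel_if, dest, rounds=6):
    """Tunnel state per convergence round; via_tunnel routes exist only while it is up."""
    states, up = [], False
    for _ in range(rounds):
        best = best_route(underlay + (via_tunnel if up else []), dest)
        # The tunnel can stay up only if its destination resolves outside the tunnel.
        up = best is not None and best["ifname"] != tunnel_if
        states.append(up)
    return states

def drop_endpoint_routes(via_tunnel, dest):
    """Model a policy that rejects, inside the tunnel, any prefix covering the endpoint."""
    ip = ipaddress.ip_address(dest)
    return [r for r in via_tunnel if ip not in ipaddress.ip_network(r["prefix"])]

# Constructed sample data (documentation addresses, hypothetical interface units).
TUNNEL_IF, TUNNEL_DEST = "gr-0/0/0.0", "203.0.113.2"
UNDERLAY = [{"prefix": "203.0.113.0/24", "proto": "bgp", "ifname": "ge-0/0/0.0"}]
VIA_TUNNEL = [
    {"prefix": "203.0.113.0/30", "proto": "ospf-external", "ifname": TUNNEL_IF},
    {"prefix": "10.10.0.0/16", "proto": "ospf", "ifname": TUNNEL_IF},
]

if __name__ == "__main__":
    print("unfiltered:", simulate(UNDERLAY, VIA_TUNNEL, TUNNEL_IF, TUNNEL_DEST))
    print("filtered:  ", simulate(UNDERLAY, drop_endpoint_routes(VIA_TUNNEL, TUNNEL_DEST),
                                  TUNNEL_IF, TUNNEL_DEST))
```

The unfiltered run alternates between up and down on every round, which is the flap; the filtered run stays up because the endpoint always resolves through the BGP uplink.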
I hope this article helps you with GRE. If you need any help, you may contact me through the “about me” page.