1. How do I enable keepalives on a GRE tunnel?
2. Is it supported on both L-2 and L-3 GRE tunnels?
3. Will the keepalive work if the other end of the tunnel is a 3rd-party box?
4. Do we need to enable keepalives on both ends?
5. Is it necessary to have the same timers on both ends?
Environment: This article applies to Aruba controllers version 6.1 and above.
GRE is a stateless protocol. It does not keep track of end-to-end connectivity, so a link going down on one end cannot bring down the line protocol on the other end. This can lead to routing black holes.
Aruba allows us to configure L-2 GRE tunnels to join two VLANs. But without keepalives, we never know whether end-to-end connectivity exists.
1. We have two switches, Aruba 1 and Aruba 2, which are connected by VLAN 1. VLAN 2 is also configured, but not on the link joining the two controllers, so there is no connectivity in VLAN 2.
2. Aruba 1 configuration:
3. Aruba 2 initial configuration:
4. Since there is no connectivity in VLAN 2 between the two switches, we see the ping fail. However, the ping to VLAN 1 is successful:
5. We configure the GRE tunnel on Aruba 2:
6. We verify the status of the tunnel. It says UP and UP, even though we haven't configured GRE on the other end.
7. We do a ping test and see that it fails. Due to the stateless nature of GRE, the tunnel shows as UP even when there is no connectivity:
8. We configure the keepalive on Aruba 2. We give a hello time of 5 seconds with 3 retries before a tunnel is declared as down.
9. We test the connectivity again and see that the ping fails. But now it says that the tunnel is down and the line protocol is down. We can also see the heartbeat sent and heartbeat lost counts:
10. We configure the GRE tunnel on the other end and also configure the keepalives:
11. After this configuration, we see that connectivity has been established for VLAN 2 between the switches and the tunnel shows as up:
12. It also shows as up on Aruba 1 and ping is successful:
1. Keepalive is locally significant. One end can have GRE keepalive enabled and the other end can have it disabled.
2. Timers need not be the same on both ends for the GRE tunnel to work correctly.
3. GRE keepalive will not work if the other end of the tunnel is configured on a 3rd-party device.
4. It is supported on both L-2 and L-3 tunnels.
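The keepalive behaviour walked through above, as a simplified model added here for illustration (it is not Aruba's implementation and not code from this article): each end counts its own heartbeats with its own hello time and retry count, so the two ends can detect the same failure at different times. The `TunnelEnd` class, the `simulate` function and the assumption that the first heartbeat goes out one hello interval after start are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class TunnelEnd:
    """One end of a GRE tunnel with a locally significant keepalive (model only)."""
    name: str
    hello: int        # seconds between heartbeats
    retries: int      # consecutive lost heartbeats before the tunnel is declared down
    up: bool = True   # without keepalives a GRE tunnel reports UP regardless
    sent: int = 0     # heartbeat sent count
    lost: int = 0     # heartbeat lost count
    misses: int = 0   # consecutive losses since the last answered heartbeat

    def tick(self, now: int, peer_answers: bool) -> None:
        """Advance to second `now`; send a heartbeat if the hello timer fires."""
        if now % self.hello != 0:
            return
        self.sent += 1
        if peer_answers:
            self.misses = 0
            self.up = True          # tunnel recovers once the peer answers again
        else:
            self.lost += 1
            self.misses += 1
            if self.misses >= self.retries:
                self.up = False     # line protocol goes down locally


def simulate(end, duration, fail_from, fail_until=None):
    """Run `end` for `duration` seconds with the peer unreachable in
    [fail_from, fail_until). Returns the second the tunnel first went down."""
    down_at = None
    for now in range(1, duration + 1):
        broken = now >= fail_from and (fail_until is None or now < fail_until)
        end.tick(now, peer_answers=not broken)
        if not end.up and down_at is None:
            down_at = now
    return down_at


if __name__ == "__main__":
    # Constructed scenario: the article's timers (5 s hello, 3 retries) on Aruba 2,
    # and different, hypothetical timers (10 s hello, 2 retries) on Aruba 1.
    for end in (TunnelEnd("Aruba 2", 5, 3), TunnelEnd("Aruba 1", 10, 2)):
        t = simulate(end, duration=60, fail_from=1)
        print(f"{end.name}: down at {t}s, sent={end.sent}, lost={end.lost}")
```

In this model the worst-case time to notice a black hole is roughly hello time multiplied by retries, which is the figure to compare against routing and failover timers when choosing keepalive values.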