Just one tunnel DSVPN is UP

Created: Dec 6, 2018 22:54:56Latest reply: Dec 27, 2018 06:48:54 822 5 0 0 0

Hello everyone,

Today I will share with you how to solve the problem of configuring two or more DSVPN tunnels at the same time, but only one tunnel is up and the other tunnels are down.

At first, confirm next:

The AR model support DSVPN function

License installed include features "Value-Added Security Package" and "DSVPN Function"

Description:

1. In the next scenario, we have 3 tunnel interface with the next configuration:

#
interface Tunnel0/0/9
tcp adjust-mss 1200
ip address 10.10.20.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack1000
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#
return

#
interface Tunnel0/0/10
tcp adjust-mss 1200
ip address 10.10.10.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack1000
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#
return

#
interface Tunnel0/0/11
tcp adjust-mss 1200
ip address 10.10.30.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack1000
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#
return

2. But just one tunnel interface is UP:

<Huawei>dis ip int b

Interface                         IP Address/Mask      Physical   Protocol
Serial1/0/0                       unassigned              down       down
Tunnel0/0/9                      10.10.20.1/24         up           down
Tunnel0/0/10                 10.10.10.1/24       up           up
Tunnel0/0/11                      10.10.30.1/24       up           down

3. When you shut down the tunnel interface, another tunnel is UP:

[Huawei-Tunnel0/0/10]shutdown

<Huawei>dis ip int b

Interface IP Address/Mask Physical Protocol

Tunnel0/0/9                       10.10.20.1/24        up         up
Tunnel0/0/10                      10.10.10.1/24           *down      down
Tunnel0/0/11                      10.10.30.1/24          up         down

4. Checking the license and it has the features required

<Huawei>dis license

Item name         : LAR0SECE02
Item type         : Function
Control value     : 1
Used value        : 1
Item state        : Trial
Item expired date : 2019-01-24
Item trial days   : 60
Description       : Security Package
Item name         : LAR0DSVPN02
Item type         : Function
Control value     : 1
Used value        : 1
Item state        : Trial
Item expired date : 2019-01-24
Description       : DSVPN Function Controller

Root cause:

These tunnel interfaces are using the same source address. When receiving a GRE packet, the device randomly selects an interface and only one interface goes Up.

Solution:

Its necessary to assign a different source loopback to each tunnel interface:

#
interface Tunnel0/0/9
tcp adjust-mss 1200
ip address 10.10.20.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack1000
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#
interface Tunnel0/0/10
tcp adjust-mss 1200
ip address 10.10.10.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack6
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#
interface Tunnel0/0/11
tcp adjust-mss 1200
ip address 10.10.30.1 255.255.255.0
tunnel-protocol gre p2mp
source LoopBack1
statistic enable inbound
statistic enable outbound
nhrp redirect
nhrp entry multicast dynamic
#

<Huawei>dis int b

Interface                   PHY   Protocol InUti OutUti   inErrors outErrors
LoopBack1                  up    up(s)        0%     0%          0          0
LoopBack6                  up    up(s)        0%     0%          0          0
LoopBack1000             up    up(s)        0%     0%          0          0
Tunnel0/0/9                up    up           --     --          0          0
Tunnel0/0/10              up    up           --     --          0          0
Tunnel0/0/11              up    up           --     --          0          0

That is all I want to share with you! Thank you!