Forum Discussion

huzer
Mar 03, 2026

GRE Tunnel Issue

Has anyone run into an issue with GRE tunnels on a BIG-IP? I have a few set up running into a TGW in AWS and something seems to break them. Config change, module change, ?? I haven't been able to pin down an exact trigger. Sometimes I could fail over and have the tunnels on the other HA member work fine, and failing back would result in the tunnels going down again. (The tunnels are unique to each BIG-IP.) They start responding with ICMP protocol 47 unavailable. Once this happens, a reboot doesn't seem to fix it. If I tear down the BIG-IP and rebuild it, I can keep them working again for X amount of time before the cycle repeats. Self-IPs are open to the protocol; I also tried allow all for a bit. No NATs involved with underlay IPs.

2 Replies

  • I have also had problems in the past with GRE tunnels. My fix was removing the GRE tunnels and using a router for the tunnels.

  • huzer

    In case someone stumbles across this article in the future: TGWs in AWS utilize ECMP and, as of this writing, you're unable to turn that off. We were experiencing asymmetric routing, as a packet destined to AWS was being sent out one VLAN and returned via a different VLAN. It was visible in the traffic capture, but I was hung up on the ICMP response due to traffic returning on the wrong VLAN where there wasn't a listener.

    All credit to F5 support as they found the issue.
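
The asymmetric return path described in the last reply can be checked for directly in a capture taken across all VLANs. The script below is an added example, not part of the thread or anything from F5: the CSV layout, VLAN names and addresses are constructed, and it assumes the ICMP response seen is protocol unreachable (type 3, code 2).

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per captured packet. Column names, VLAN names
# and addresses are assumptions made for this example.
SAMPLE_CAPTURE = """\
time,vlan,src,dst,proto,icmp_type,icmp_code
0.001,external_a,10.0.1.10,10.0.9.5,47,,
0.004,external_b,10.0.9.5,10.0.1.10,47,,
0.005,external_b,10.0.1.10,10.0.9.5,1,3,2
1.001,external_a,10.0.1.11,10.0.9.6,47,,
1.003,external_a,10.0.9.6,10.0.1.11,47,,
"""
LOCAL_ENDPOINTS = {"10.0.1.10", "10.0.1.11"}  # assumed local tunnel endpoints


def find_asymmetric_tunnels(capture_text, local_endpoints):
    """Report GRE peers whose return traffic arrives on a VLAN never used to send."""
    egress = defaultdict(set)         # (local, remote) -> VLANs GRE left on
    ingress = defaultdict(set)        # (local, remote) -> VLANs GRE came back on
    proto_unreach = defaultdict(int)  # (local, remote) -> ICMP 3/2 replies sent
    for row in csv.DictReader(io.StringIO(capture_text)):
        src, dst, proto = row["src"], row["dst"], int(row["proto"])
        if src in local_endpoints:
            if proto == 47:
                egress[(src, dst)].add(row["vlan"])
            elif proto == 1 and (row["icmp_type"], row["icmp_code"]) == ("3", "2"):
                proto_unreach[(src, dst)] += 1
        elif dst in local_endpoints and proto == 47:
            ingress[(dst, src)].add(row["vlan"])
    findings = {}
    for key in sorted(egress.keys() & ingress.keys()):
        stray = ingress[key] - egress[key]
        if stray:  # return traffic landed where the tunnel does not send from
            findings[key] = {
                "sent_on": sorted(egress[key]),
                "stray_vlans": sorted(stray),
                "protocol_unreachable": proto_unreach[key],
            }
    return findings


if __name__ == "__main__":
    for peer, info in find_asymmetric_tunnels(SAMPLE_CAPTURE, LOCAL_ENDPOINTS).items():
        print(peer, info)
```
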