GRE - Recursive routing error - AD solution

GRE - Recursive routing error - filtering solution


When deploying a [GRE](/gre) tunnel, and configuring [routing](/routing), one must be careful not to create the situation where a recursive routing error occurs.  Such an error occurs when a [routing protocol](/routing-dynamic-routing-protocols) chooses the GRE tunnel as the path to the tunnel's own endpoint.

Examine the following topology:

![recursive-routing-gre-topology.png](/attachments/recursive-routing-gre-topology.png)

R1 and R3 have created a GRE tunnel between them, with the 192.168.12.1 and the 192.168.23.3 addresses as the tunnel endpoints on each router respectively.  Routing has been established between R1, R2, and R3 via OSPF, and this routing  is necessary so that the tunnel itself can be created and maintained.  R1 and R3 must be able to reach each other's tunnel endpoints.

Now imagine that the created tunnel has a subnet of 192.168.13.0/24 and the tunnel interfaces on R1 and R3 are assigned the .1 and .3 addresses of this range.  

Now imagine that R1 has in its routing table a route to reach the 192.168.23.3 host via a next hop of 192.168.13.3.  In other words, R1 will **reach the tunnel endpoint through the tunnel itself**.  In other words, the tunnel is trying to reach its other endpoint via the tunnel.  This is a recursive routing error.  The following Syslog message will appear, and the GRE tunnel will be torn down:

```
%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
```

To resolve this error, the following solutions can be used:
1) Don't advertise the tunnel destination IP address on the tunnel interface.  An example of how to do this can be found at [GRE - Recursive routing error - filtering solution](/gre-recursive-routing-error-filtering-solution)
2) Make sure the [AD](/routing-administrative-distance) of the tunnel destination IP address through the tunnel is higher (worse) than what you have in the routing table.  An example of this solution can be found at [GRE - Recursive routing error - AD solution](/gre-recursive-routing-error-ad-solution).
3) Make sure the metric to the tunnel destination IP address through the tunnel is worse than what you have in the routing table.  This solution is found in the link to the lesson below.

All of the above solutions are described using the [RIP](/rip) routing protocol, but the approach is the same when using other protocols such as [EIGRP](/eigrp) or [OSPF](/ospf).


Links:

https://forum.networklessons.com/t/gre-tunnel-recursive-routing-error/998/58?u=lagapides

https://networklessons.com/cisco/ccie-routing-switching/gre-tunnel-recursive-routing-error

GRE - Recursive routing error

EIGRP seed metrics when redistributing

EIGRP split horizon verification

EIGRP split-horizon vs poison reverse

EIGRP unequal cost load balancing

EIGRP what happens when a feasible successor fails

EIGRP

EPC - Cisco Embedded Packet Capture

ERSPAN

EVE-NG supported Cisco and other vendor images

Equal-cost Multi-path routing

EtherChannel - applying configurations to the interface

EtherChannel - implementing over 802.1Q tunneling

EtherChannel - load balancing algorithms

EtherChannel - max-bundle

EtherChannel - prerequisites for bundling

EtherChannel

Etherchannel - fast-switchover

Ethernet - role of FCS field

Ethernet - speed and duplex mismatches

Ethernet - speed and duplex settings on an ISR4431

Ethernet CSMA-CD

Ethernet VPN (EVPN)

Ethernet administrative and operational encapsulation

Ethernet administrative operational mode

Ethernet frame types

Ethernet header

Ethernet over IP (EoIP)

Ethernet

FHRP - interaction with routing protocols

FHRP Communication Between Redundant Routers

FHRP Load Balancing Behavior

FHRP Protocols

FHRP communication path of keepalives

Fiber optic types

Fiber optics - Multi mode fiber optics characteristics

Fiber optics - Single mode fiber optics characteristics

Fiber optics - color coding

Fiber optics - connectors

FlexVPN Hub and Spoke backup routes

FlexVPN redundant hub with dual cloud

FlexVPN spoke to spoke communication fails with IPSec tunnel

FlexVPN

Frame Relay - is it a relevant technology anymore

Frame-Relay - emulating a Frame-Relay switch

Frame-Relay DLCI values

GNS3 how to obtain Cisco IOS images

GRE - Tunnel Addressing

GRE MTU settings

GRE and IPSec

GRE tunnel and multicast

GRE tunnel key operation with only one tunnel key configured

GRE tunnel key

GRE tunnels and how they transmit multicast packets

HSRP - standby group numbers

HTTP - viewing HTTP messages in Wireshark

Hardware - Application Specific Integrated Circuit (ASIC)

High-Level Data Link Control (HDLC)

Home lab computer requirements

Hot Standby Router Protocol (HSRP)

How to practice labbing - best practices

How to prepare for Cisco DNA

IANA

ICANN

ICMP - Mitigating Vulnerabilities

ICMP - Vulnerabilities

ICMP - response to a ping that is blocked by an ACL

ICMP codes and types

ICMP

IEEE

IETF

IGMP - Snooping Querier Election

IGMP - Snooping Querier

IGMP - access group

IGMP - fast leave

IGMP - filtering using ACLs

IGMP - ip igmp snooping querier command

IGMP - membership report

IGMP - using VLAN access maps to filter multicast traffic

IGMP Snooping internal interface

IGMP default IOS configurations

IGMP last member query interval

IGMP membership query max response time

IGMP membership reports destination

IGMP report suppression

IGMP snooping prevents report suppression

IGMP snooping source IP address for messages

IGMP snooping

IGMP version 1 how hosts stop receiving multicast traffic

IGMP

IGMPv2 - leave group message mechanism

IGRP

IOS - Configuration Archive and Rollback

IOS - Right To Use (RTU) License

IOS - ip http server

IOS - licensing

GRE - Recursive routing error

Links to this page: