GRE - Recursive routing error - filtering solution
One of the solutions to the GRE - Recursive routing error is to prevent the advertising of the tunnel destination IP address on the tunnel interface. Refer to the following diagram:
Based on this topology, the following configurations would resolve the issue assuming we are using RIP:
R1 Configuration
interface Loopback0 ip address 1.1.1.1 255.255.255.255 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 interface Tunnel0 ip address 192.168.13.1 255.255.255.0 tunnel source 1.1.1.1 tunnel destination 3.3.3.3 router rip version 2 network 1.1.1.1 network 192.168.12.0 network 192.168.13.0 no auto-summary distribute-list 101 out Tunnel0 access-list 101 deny ip host 3.3.3.3 any access-list 101 permit ip any any
R3 Configuration
interface Loopback0 ip address 3.3.3.3 255.255.255.255 interface FastEthernet0/0 ip address 192.168.23.3 255.255.255.0 interface Tunnel0 ip address 192.168.13.3 255.255.255.0 tunnel source 3.3.3.3 tunnel destination 1.1.1.1 router rip version 2 network 3.3.3.3 network 192.168.23.0 network 192.168.13.0 no auto-summary distribute-list 102 out Tunnel0 access-list 102 deny ip host 1.1.1.1 any access-list 102 permit ip any any
With this setup:
- The distribute-list on R1 prevents the tunnel destination (3.3.3.3) from being advertised out on the Tunnel0 interface. Similarly, on R3, it prevents the tunnel destination (1.1.1.1) from being advertised out the Tunnel0 interface.
- Since the default administrative distance for RIP is 120, routes learned via the GRE tunnel will inherently have a distance of 120. Routes learned directly through the FastEthernet interfaces will also have a distance of 120, but the RIP updates for the tunnel endpoints (1.1.1.1 and 3.3.3.3) are not advertised through the tunnel, hence recursive routing through the tunnel should be avoided.
Links
https://networklessons.com/cisco/ccie-enterprise-infrastructure/gre-tunnel-recursive-routing-error