Hour 475: GRE recursive routing

It’s been almost a year since I have been out of the military and I thought it would be a good idea to dedicate a blog to them. More specifically, I want to do a technical blog on a type of problem I sometimes encountered while working there: GRE recursive routing. Any enterprise that runs tunneling protocols like GRE/IPsec or VTIs will most likely encounter these types of problems at one point or another.

First, I want to separate this post into two cases: Case A and Case B. They are different scenarios, but their root cause is the same.

Case A: Recursive Routing due to less specific route

Topo_VPN

In Case A, we have a topology where R2 and R3 are VPN devices, and R1 and R4 are routers running a GRE tunnel between each other and sharing routing information through an IGP.

Hour 192: Cisco Order of Operations

The order of operations in IOS is one of the most important topics an engineer can learn. You can spend countless hours trying to figure out the solution to a problem involving NAT, routing, ACLs, QoS and IPsec if you don’t understand the order in which flows get processed within Cisco IOS. For example, if you are doing NAT on a device and you want to route traffic going through NAT, will you use the inside or outside NAT IP address?

The answer is: it depends. The order of operations varies depending on whether the traffic is going from the inside to the outside interface or from the outside to the inside interface. It will also vary if it’s from an inbound interface to an outbound interface. Let’s look at the official release from Cisco:

OrderOfOps