0

I am trying to run OSPF between two CSRs in GCP Compute Engine. The CSRs are deployed in the same project and are only for testing purposes right now. I am not able to get OSPF to form between the routers and also not able to get a tunnel to form between the routers.

The tunnel interfaces are up/up, but I am not able to ping between the tunnel interfaces. Currently, I have all firewall rules set to allow any any between the routers. I can ping, ssh, etc. between the hosts, but cannot form dynamic routing or GRE tunnels.

Is this something that is being blocked by Google?

Router1

interface GigabitEthernet1
 ip address 192.168.0.32 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid

interface Tunnel1
 ip address 172.31.254.1 255.255.255.252
 ip mtu 1400
 tunnel source GigabitEthernet1
 tunnel destination 192.168.0.20

Router2

interface GigabitEthernet1
 ip address 192.168.0.20 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid

interface Tunnel1
 ip address 172.31.254.2 255.255.255.252
 ip mtu 1400
 tunnel source GigabitEthernet1
 tunnel destination 192.168.0.32

Any ideas?

Thanks!

Jake Jennings
  • 1
  • 1
    Usually, this is a routing problem. Include information about the VPCs, VPC route tables and the instance internal route tables. – John Hanley May 28 '20 at 21:50
  • Have a look at the [VPC documentation](https://cloud.google.com/vpc/docs/vpc#specifications) "VPC networks only support IPv4 unicast traffic. They do not support broadcast, [multicast](https://wikipedia.org/wiki/IP_multicast),..." and it could be the cause of your issue with OSPF. – Serhii Rohoza Jun 01 '20 at 14:36
  • Also, have a look at the [firewall documentation](https://cloud.google.com/vpc/docs/firewalls#firewall_rules_in) "Google Cloud doesn't allow certain IP protocols, such as [GRE](https://wikipedia.org/wiki/Generic_Routing_Encapsulation), within a VPC network. For more information, see [always blocked traffic](https://cloud.google.com/vpc/docs/firewalls#blockedtraffic).". So, you're issue with GRE is intended behaviour and you should you other tunnel proptocols. – Serhii Rohoza Jun 01 '20 at 14:40
  • Ok. That is what I was worried about. I didn't see the always blocked traffic bit. I knew multicast was blocked but was hoping GRE was allowed. It was for network testing. – Jake Jennings Jun 02 '20 at 12:56

0 Answers0