GRE Tunnels and Recursive Routing Problems

Recursive routing and outbound interface selection are two significant issues with tunnel or overlay networks.  When using a routing protocol over a network tunnel, utmost caution is required. Things can go wrong if a router attempts to reach the remote router’s encapsulating interface (transport IP address) via the tunnel. This problem is typically observed when the transport network is advertised into the same routing protocol that runs on the overlay network.

Recursive routing occurs when the router learns the destination IP address for the tunnel interface through the tunnel itself. The newly learned route replaces the previous entry for the tunnel destination IP address in the routing table, making the tunnel's destination unreachable.

 

Recursive Routing Example

For example, in the network topology below, the routers are all running OSPF, and every router can reach each other via OSPF routes. Router2 and Router3 are connected via a GRE tunnel using 192.168.10.2 and 192.168.20.2 as the source and destination IP addresses, respectively. 192.168.30.1 and 192.168.30.2 are IP addresses for the tunnel interfaces.

[Figure: Recursive Routing]

If OSPF is enabled on the tunnel interfaces, Router2 will advertise the 192.168.10.0/24 network out of its tunnel interface. Router3 will also advertise the 192.168.20.0/24 network out of its tunnel interface. If the cost of the IP route via the tunnel is lower, the existing route in the IP routing table will be replaced by the route via the tunnel.

What happens then is that the networks for the source and destination IP addresses, 192.168.10.0/24 and 192.168.20.0/24, which are used to build the tunnel, are learned using the tunnel itself. For example, Router2 will reach Router3 at 192.168.20.2, using the tunnel endpoint destination address of 192.168.20.2, going through the tunnel itself. That’s not possible, and it causes the tunnel to collapse.

So when the tunnel is down, the router will recalculate the routes and have the original routes back, which are the routes via Router1. Now that the routes are good, the tunnel will get re-established, then Router2 and Router3 will relearn the networks for each other through the tunnel, and the tunnel will collapse. Routers will again recalculate and have the original routes back, then the tunnel will be built again, and it goes on.

 

The router can detect a recursive route, and it generates the following syslog message:

%TUN-5-RECURDOWN: Tunnel100 temporarily disabled due to recursive routing

 

The route recursion loop is also visible in the syslog messages:

08:01:10.288: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to down

08:01:14.215: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Interface down or detached

08:01:21.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up

08:01:27.216 %OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.2 on Tunnel100 from LOADING to FULL, Loading Done

 

Preventing Recursive Routes

Recursive routing can happen with any dynamic routing protocol and even static routes. Recursive routing issues are resolved by not advertising the tunnel endpoint IP addresses through the tunnel network. Configuring route filtering or modifying the administrative distance and metric to prefer a specific route are viable solutions. Using a static route with a /32 subnet mask for the tunnel destination can also prevent recursive routes.
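The following added example (not from the original article, and not router code) models Router2's route selection to show why the tunnel destination becomes recursive once the 192.168.20.0/24 route is learned over the tunnel, and why a static /32 for the tunnel destination fixes it through longest-prefix match. The physical interface name Gi0/0 and the OSPF metrics are assumptions; the addresses and Tunnel100 come from the text above.

```python
import ipaddress

# Constructed view of Router2's candidate routes. Gi0/0 and the metrics are
# assumptions; 192.168.20.2 and Tunnel100 are taken from the article.
TUNNEL_IF = "Tunnel100"
TUNNEL_DEST = "192.168.20.2"

# Route to Router3's transport network learned over the underlay (via Router1).
UNDERLAY = [
    {"prefix": "192.168.20.0/24", "out_if": "Gi0/0", "ad": 110, "metric": 3},
]
# OSPF enabled on the tunnel: same prefix learned through the overlay, lower cost.
VIA_TUNNEL = {"prefix": "192.168.20.0/24", "out_if": TUNNEL_IF, "ad": 110, "metric": 2}
# Fix from the article: static /32 for the tunnel destination via the underlay.
STATIC_HOST = {"prefix": "192.168.20.2/32", "out_if": "Gi0/0", "ad": 1, "metric": 0}


def best_route(routes, dest):
    """Pick the longest matching prefix, then lowest administrative
    distance, then lowest metric. Returns None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return max(
        matches,
        key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen, -r["ad"], -r["metric"]),
    )


def is_recursive(routes, tunnel_if=TUNNEL_IF, tunnel_dest=TUNNEL_DEST):
    """True when the tunnel destination resolves out of the tunnel itself."""
    route = best_route(routes, tunnel_dest)
    return route is not None and route["out_if"] == tunnel_if


def scenarios():
    """Evaluate the three stages described in the article."""
    return {
        "underlay only": is_recursive(UNDERLAY),
        "ospf on tunnel": is_recursive(UNDERLAY + [VIA_TUNNEL]),
        "static /32 added": is_recursive(UNDERLAY + [VIA_TUNNEL, STATIC_HOST]),
    }


if __name__ == "__main__":
    for name, recursive in scenarios().items():
        print(f"{name:18} recursive={recursive}")
```

The same check can be run against a real routing table export to confirm that every tunnel destination resolves out of a non-tunnel interface before a routing protocol is enabled on the overlay.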

