GRE Tunnels and Recursive Routing Problems

Recursive routing and outbound interface selection are two significant issues with tunnel or overlay networks.  When using a routing protocol over a network tunnel, utmost caution is required. Things can go wrong if a router attempts to reach the remote router’s encapsulating interface (transport IP address) via the tunnel. This problem is typically observed when the transport network is advertised into the same routing protocol that runs on the overlay network.

Recursive routing occurs when the router learns the destination IP address for the tunnel interface through the tunnel itself. It removes the previous entry for the tunnel destination IP address from the routing table, making the tunnel’s destination inaccessible.


Recursive Routing Example

For example, in the network topology below, the routers are all running OSPF, and every router can reach each other via OSPF routes. Router2 and Router3 are connected via a GRE tunnel using and as the source and destination IP addresses, respectively. and are IP addresses for the tunnel interfaces.

Recursive Routing

If OSPF is enabled on the tunnel interfaces, Router2 will advertise the network out of its tunnel interface. Router3 will also advertise the network out of its tunnel interface. If the cost of the IP route via the tunnel is lower, the existing route in the IP routing table will be changed and will enter the path via the tunnel instead.

What happens then is that the networks for the source and destination IP addresses, and, which are used to build the tunnel, are learned using the tunnel itself. For example, Router2 will reach Router3 at, using the tunnel endpoint destination address of, going through the tunnel itself. That’s not possible, and it causes the tunnel to collapse.

So when the tunnel is down, the router will recalculate the routes and have the original routes back, which are the routes via Router1. Now that the routes are good, the tunnel will get re-established, then Router2 and Router3 will relearn the networks for each other through the tunnel, and the tunnel will collapse. Routers will again recalculate and have the original routes back, then the tunnel will be built again, and it goes on.


The router can detect a recursive route, and it generates the following Syslog message:

%TUN-5-RECURDOWN: Tunnel100 temporarily disabled due to recursive routing


The route recursion loop is also shown in the Syslog messages:

08:01:10.288: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to down

08:01:14.215: %OSPF-5-ADJCHG: Process 1, Nbr on Tunnel100 from FULL to DOWN, Neighbor Down: Interface down or detached

08:01:21.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up

08:01:27.216 %OSPF-5-ADJCHG: Process 1, Nbr on Tunnel100 from LOADING to FULL, Loading Done


Preventing Recursive Routes

Recursive routing can happen with any dynamic routing protocol and even static routes. Recursive routing issues are resolved by not advertising the tunnel endpoint IP addresses through the tunnel network. Configuring route filtering or modifying the administrative distance and metric to prefer a specific route are viable solutions. Using a static route with a /32 subnet mask for the tunnel destination can also prevent recursive routes.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: