keepalive

Usage Scenario

Before you configure a tunnel policy and set the VPN tunnel type to GRE, you need to enable the Keepalive function. After Keepalive is enabled, the VPN cannot choose a tunnel with an unreachable remote end, preventing data loss.

When Keepalive is disabled on a local end, the tunnel interface status of the local end might be Up even if the remote end is unreachable. After Keepalive is enabled on the local end, the tunnel interface status of the local end changes to Down if the remote end is unreachable. Therefore, when the remote end is unreachable, the VPN cannot choose the GRE tunnel, preventing data loss.

The Keepalive function takes effect uni-directionally. To enable the Keepalive function on both ends of a tunnel, run the keepalive command on each end of the tunnel. The Keepalive configuration takes effect on one end even if the function is disabled on the other end. However, it is recommended that you enable the Keepalive function on both ends.

After the Keepalive function is enabled on a GRE tunnel, the tunnel periodically sends Keepalive packets. The unreachable counter increases by one each time a packet is sent. If no response packet is received when the value of the counter reaches the value of retry-times, the remote end is considered unreachable.

Prerequisites

The keepalive command can be used only when the encapsulation mode has been set to GRE on an interface.

Precautions

When you run the keepalive command several times, the latest configuration overrides the previous configurations.

When the VPN instance to which a GRE tunnel interface is bound is not the specified destination VPN instance, the keepalive command cannot be used to check GRE tunnel connectivity. If this command is used in this situation, the Keepalive function cannot be implemented.

Follow-up Procedure

Run the display keepalive packets count command to display the number of Keepalive packets and Keepalive response packets sent and received by the local GRE tunnel interface.