Things related to Cisco VPNs
I have been using multiple GRE tunnels, either configured manually or with NHRP, and had some problems when a tunnel would fail due to an outage. Failover itself worked, but connections across the private tunnels would be reset; Cisco phones, for example, would reset. I seem to have solved this problem by making sure that the maximum MTU for all tunnel paths matches.
For example, one tunnel path runs over an IPSEC tunnel, so its MTU is lower than that of another path that is purely GRE, perhaps a backup path. This is fine in itself, but established connections seem to get upset when the MTU drops. The endpoints may or may not receive the unreachables or redirects, but regardless, some applications seem to think it is better to reset the connection and re-establish it over the new path and MTU. No big deal for some applications, but annoying when the Cisco Call Manager / SCCP phones on either end of the tunnel decide to reset.
Make sure IP unreachables are enabled, or at least enabled on the paths you care about. Without them, when the TCP window tries to open up and the MTU increases, you will end up with hung connections.
Also, the command 'ip tcp adjust-mss xxxx' can be useful to hint at a better MTU (MSS = maximum segment size).
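The configuration below is an added example, not part of the original note; interface names, addresses and the IPsec profile name are assumptions. It shows the fix described above: both tunnel paths, the IPsec-protected one and the plain GRE backup, are pinned to the same 'ip mtu' and 'ip tcp adjust-mss' values so that a failover in either direction never changes the path MTU seen by established sessions, and ICMP unreachables stay enabled so hosts that do probe the path MTU get an answer instead of a hung connection.

```cisco
! Added example; not from the original note. Names and addresses are assumptions.
! An IKE policy and pre-shared key for the hub are assumed to exist already.
crypto ipsec transform-set TS esp-aes esp-sha-hmac
 mode transport
crypto ipsec profile TUN-PROF
 set transform-set TS
!
! Primary path: GRE protected by IPsec. Its worst-case header overhead is what
! sets the MTU for BOTH tunnels: 1400 leaves room for GRE + ESP inside 1500.
! MSS 1360 = 1400 minus 20 bytes IP and 20 bytes TCP header.
interface Tunnel1
 description primary GRE over IPsec to hub
 ip address 10.10.10.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip unreachables
 tunnel source FastEthernet4/0
 tunnel destination 203.0.113.10
 tunnel path-mtu-discovery
 tunnel protection ipsec profile TUN-PROF
!
! Backup path: plain GRE. It could carry 1476-byte packets, but it is held to
! the same 1400/1360 so sessions survive a failover without an MTU change.
interface Tunnel2
 description backup plain GRE to hub
 ip address 10.20.20.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip unreachables
 tunnel source FastEthernet4/1
 tunnel destination 198.51.100.10
 tunnel path-mtu-discovery
```

The same 'ip mtu' and 'ip tcp adjust-mss' values must be configured on the hub side of both tunnels as well, since adjust-mss rewrites the SYN in both directions only if every tunnel interface the SYN crosses carries it. To see the values in effect, 'show interfaces Tunnel1' reports the MTU and 'show ip interface Tunnel1' shows whether unreachables are being sent.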
Sometimes we need to force a GRE or IPSEC tunnel to come up, especially in a dynamic IP environment. Using dynamic crypto maps or NHRP, as long as there is one static IP to be used as a hub, you can have the edges dial in. The problem is sometimes how to get them to dial in again after a remote reset or power outage: you may need to connect from the hub to the spoke but cannot do so until the spoke dials in.
One great method suggested by Scott Hofer at Intelepeer was to use NTP. This works well because you can force NTP to bind to a particular source interface and use the tunneled endpoints as master/client.
Sometimes this may not work if you need NTP bound to another interface. In that case, Cisco's IP SLA feature works well, since you can create many probe groups. Additionally, you can use 'track' to manipulate static routes or trigger other actions should a probe time out. In this way you could force dial-up backup routes, but under very specific constraints. More on that later, but below is a sample to encourage a tunnel to connect.
ip sla 4
 icmp-echo 10.10.10.2 source-interface fast 4/0
 threshold 100
 timeout 200
 frequency 5
ip sla schedule 4 life forever start-time now
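As an added example extending the sample above (not from the original note), this ties the same ICMP probe to a tracked object and a pair of static routes, which is the 'track' usage the text mentions. The probe does two jobs: its packets to the tunnel peer are interesting traffic that keeps the crypto or NHRP session up, and the track object withdraws the primary route and lets the floating backup take over when the probe times out. The remote network, the next-hop addresses and the timers are assumptions.

```cisco
! Added example; not from the original note. Addresses and timers are assumptions.
ip sla 4
 icmp-echo 10.10.10.2 source-interface FastEthernet4/0
 threshold 100
 timeout 200
 frequency 5
ip sla schedule 4 life forever start-time now
!
! Track object 4 follows the reachability state of probe 4. The delays keep a
! single lost echo from flapping the route: down after 10 s, up after 5 s.
track 4 ip sla 4 reachability
 delay down 10 up 5
!
! Primary route via the tunnel peer, installed only while track 4 is up.
ip route 192.168.20.0 255.255.255.0 10.10.10.2 track 4
! Floating backup route (admin distance 250) via the backup tunnel peer,
! used only while the primary route is withdrawn.
ip route 192.168.20.0 255.255.255.0 10.20.20.2 250
```

'show ip sla statistics 4' and 'show track 4' show the probe results and the current track state; 'show ip route 192.168.20.0' confirms which next hop is installed. Note that if the probe's source interface is itself behind the tunnel you are trying to bring up, the probe can never succeed, so source it from an interface that is reachable without the tunnel.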
I didn't know.