[c-nsp] Bug ID CSCdy72539 For GRE Tunneling on 6500 PFC3B

Kamalasiri Dissanayke kamalasiri at gmail.com
Wed Dec 6 20:16:35 EST 2006 

Hi,

Thanks for the valuable information,
Actually what we have is SPA-IPSEC-2G.

I get it working through SPA-IPSEC-2G module, but once I tried without that
CPU goes 99% with just 10Mb/s GRE traffic. bellow my Config would you mind
having a look on that.




interface Loopback0
 description Management Interface
 ip address 157.128.20.102 255.255.255.255
 ip address 157.128.20.103 255.255.255.255 secondary
 ip address 157.128.20.104 255.255.255.255 secondary
!

interface Loopback1
 description Anycast RP address

!
interface Loopback2
 description tunnel sources ip address

!

interface Tunnel2
 description "GRE Tunnel to Bundoora"
 bandwidth 20000
 ip address 10.101.1.129 255.255.255.252
 ip mtu 1500
 ip pim sparse-dense-mode
  delay 50
 keepalive 10 3
 tunnel source 157.128.20.102
 tunnel destination 10.246.38.38

!
interface Tunnel4
 description *** GRE Tunnel to Ouyen ***
 bandwidth 1000
 ip address 10.102.1.93 255.255.255.252
 ip mtu 1500
 ip pim sparse-dense-mode
  delay 100
 keepalive 10 3
 tunnel source 157.128.20.103
 tunnel destination 10.246.42.86
!
interface Tunnel6
 description *** GRE Tunnel to Ararat ***
 bandwidth 2000
 ip address 10.101.1.5 255.255.255.252
 ip mtu 1500
 ip pim sparse-dense-mode
  delay 100
 keepalive 10 3
 tunnel source 157.128.20.104
 tunnel destination 10.246.36.150

!
!
interface GigabitEthernet5/1
 description ***** GWIP Connection ****
 ip address 10.246.43.6 255.255.255.248
 load-interval 30
 mls qos trust-dscp

!


interface GigabitEthernet5/2
 description *** Link to 530cs-6509-3dcc3-1 ***
 ip address 10.100.255.70 255.255.255.252
 load-interval 30
 mls qos trust-dscp
  no cdp enable



!
router eigrp 15
 passive-interface GigabitEthernet0/1
 network 10.0.0.0
 network 157.128.0.0
 distribute-list LIMIT-ROUTES-OUT out Tunnel2
 distribute-list LIMIT-ROUTES-OUT out Tunnel4
 distribute-list LIMIT-ROUTES-OUT out Tunnel6

 no auto-summary

!
router bgp 64619
 no synchronization
 bgp log-neighbor-changes
 network 157.128.20.102 mask 255.255.255.255
 network 157.128.20.103 mask 255.255.255.255
 network 157.128.20.104 mask 255.255.255.255
 neighbor 10.246.43.1 remote-as 64619
 no auto-summary
!
!
ip classless
ip route 10.246.0.0 255.255.0.0 10.246.43.1
!
no ip http server



Thank you



Kamal


On 12/7/06, Asbjorn Hojmark - Lists <lists at hojmark.org> wrote:

> > Tunneling with PFC#B.
> > It seems we need seperate tunnel source for each tunnel
>
> Yes... But it's easy to configure and performs extremely well.
>
> > Other thing is any comparrison using VPN SM module and PFC#B
> > for GRE encapsultion.
>
> The VPNSM normally doesn't do GRE. (It can take over the tunnel
> interface if the Sup720 can't do the tunnel in hardware, but I
> don't know when that would happen).
>
> Also, today you should use a IPSec SIP/SPA instead of the VPNSM,
> which is dead in the water (SXF will be the last software to
> support it, I'm told. Modular IOS doesn't and won't. SRA doesn't
> and won't).
>
> -A
>
>

More information about the cisco-nsp mailing list