[c-nsp] Problems with bandwidth on interface tunnel

Church, Charles cchurch at multimax.com
Sat Mar 3 12:55:53 EST 2007 

Sasa,

	The router can do IPSec at high speed, but you're also wrapping an IPinIP tunnel around it.  That's most likely what's killing it, since that's done in software.  Try just native IPSec, not inside a tunnel. 


Chuck Church
Network Engineer
CCIE #8776, MCNE, MCSE
Multimax, Inc.
Enterprise Network Engineering
Home Office - 864-335-9473 
Cell - 864-266-3978
cchurch at multimax.com

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Saso Pirnat
Sent: Saturday, March 03, 2007 12:29 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Problems with bandwidth on interface tunnel

Does anybody knows what is bandwidth limitation of interface tunnel on
cisco 1841 routers, because I have tree different locations connected
together in vpn network with IPSec using interfaces tunnel, with 3 cisco
1841 routers. WAN connections are on 100Mb/s optic fiber, but I can´t get
more speed then 8Mb/s on vpn connections, even if I increase tunnel
bandwidth to 40Mbp/s - that max ipsec passthrough for this vpn modul.

default tunnel configuration:

interface Tunnel0
 description VPN site1
 ip address 192.168.78.2 255.255.255.252
 no ip split-horizon
 tunnel source FastEthernet0/0
 tunnel destination xxx.xxx.xxx.xxx
 tunnel mode ipip
 crypto map do-centrale
end


Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Description: VPN site1
  Internet address is 192.168.78.2/30
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 112/255, rxload 81/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source xxx.xxx.xxx.xxx (FastEthernet0/0), destination
xxx.xxx.xxx.xxx
  Tunnel protocol/transport IP/IP
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 22466
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 46000 bits/sec, 30 packets/sec
  5 minute output rate 44000 bits/sec, 19 packets/sec
     898355732 packets input, 4135541064 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     742454820 packets output, 1498580302 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out


increased bandwidth configuration:

interface Tunnel0
 description VPN site1
 bandwidth 40000
 ip address 192.168.78.2 255.255.255.252
 no ip split-horizon
 tunnel source FastEthernet0/0
 tunnel destination xxx.xxx.xxx.xxx
 tunnel mode ipip
 tunnel bandwidth transmit 40000
 tunnel bandwidth receive 40000
 crypto map do-centrale
end


Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Description: VPN site1
  Internet address is 192.168.78.2/30
  MTU 1514 bytes, BW 40000 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source xxx.xxx.xxx.xxx (FastEthernet0/0), destination
xxx.xxx.xxx.xxx
  Tunnel protocol/transport IP/IP
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 40000 (kbps)
  Tunnel receive bandwidth 40000 (kbps)
  Last input 00:00:00, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 22463
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 21000 bits/sec, 17 packets/sec
  5 minute output rate 41000 bits/sec, 14 packets/sec
     898343729 packets input, 4132936756 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     742446090 packets output, 1496397797 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out



br, saso

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list