[c-nsp] GRE tunnel optimization
Adam Greene
maillist at webjogger.net
Tue Jan 12 16:12:03 EST 2010
Hi,
I'm trying to pass IPSec VPN traffic over a simple GRE tunnel, with
mixed results (some packet loss, high latency).
Configs on both ends:
==========
2811, 12.4(21), traffic is sent over bonded DSL lines
==========
interface Tunnel0
ip address 172.16.16.9 255.255.255.252
ip tcp adjust-mss 1460
tunnel source x.x.x.x
tunnel destination y.y.y.y
!
interface ATM0/0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/35
protocol ppp Virtual-Template1
!
interface ATM0/1/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/35
protocol ppp Virtual-Template1
!
interface Virtual-Template1
no ip address
ppp multilink
ppp multilink group 1
!
interface Multilink1
ip address x.x.x.x z.z.z.z
ip nat outside
ip virtual-reassembly
ppp multilink
ppp multilink group 1
==========
1841, 12.4(24)T2, traffic is sent over Cablevision link
===========
interface Tunnel0
ip address 172.16.16.10 255.255.255.252
ip tcp adjust-mss 1460
tunnel source y.y.y.y
tunnel destination x.x.x.x
!
interface FastEthernet0/0/0
description *** Cablevision ***
ip address y.y.y.y z.z.z.z
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
The VPN is being generated by Sonicwalls on both ends. I've set MTU to
1460 on them as well.
I had originally set MTU to 1400, but it was worse.
Are there any obvious configurations I am missing to optimize this
traffic? For example, is something like the following recommended on
the Tunnel interfaces?
hold-queue 1024 in
hold-queue 1024 out
Thanks for your help.
Adam
More information about the cisco-nsp
mailing list