[c-nsp] Input errors on GRE tunnel interface
Ranjith R
ranjithrnair at gmail.com
Sat Aug 27 13:34:16 EDT 2011
Hi All,
As part of a Failover scenario we have the below setup.
R1 (VPN router) ----- R2 --------- GRE tunnel ------------- R3 (internet router) ------- Internet
The GRE tunnel is built over a WAN link which supports only 1500 bytes.
We observe high input drops on the physical interface of R2 and high
input queue drops on the tunnel interfaces of the R2 and R3 routers. On R3, PBR
is in place for clearing the DF bit for all packets hitting the physical
interface of the GRE tunnel, without which we face connectivity issues for
end users who make use of IPSEC VPN for connecting to client.
R1 - Cisco 2821 and R3 - Cisco 2911.
There is also high CPU usage on R2, which I believe is due to the
fragmentation / re-assembling happening. What should be the ideal IP MTU
and MSS value which could cause minimal fragmentation with the current
scenario?
Also, if we achieve a higher MTU support on the WAN link, can we achieve
better performance and lower CPU usage?
Kindly share your thoughts on why the input queue errors are increasing on
the tunnel interface.
Thanks,
Ranjith