[c-nsp] Input errors on GRE tunnel interface
Ranjith R
ranjithrnair at gmail.com
Sun Aug 28 11:55:02 EDT 2011
Hi All ,
Could you please provide inputs on this .
Thanks,
Ranjith
On Sat, Aug 27, 2011 at 11:04 PM, Ranjith R <ranjithrnair at gmail.com> wrote:
> Hi All ,
>
> As part of a Failover scenario we have the below setup.
>
> R1 ( VPN router ) ----- R2 ---------GRE tunnel ------------- R3 (
> internet router ) ------- Internet
>
> GRE tunnel is built over a WAN link which supports only 1500 Bytes .
>
> We observe high input drops on the physical interface of R2 and hight
> input queue drops on the tunnel interfaces of R2 and R3 routers . On R3 PBR
> is in place for clearing the DF bit for all packets hitting the physical
> interface of GRE tunnel without which we face connectivity issues for
> endusers who make use of IPSEC VPN for connecting to client.
>
> R1 - cisco 2821 and R3 - Cisco 2911 .
>
> There is also high CPU usage on R2 which i beleive is due to the
> fragmentation / re-assembling happening .What should be the ideal IP MTU
> and MSS value which could cause minimal fragmenation with the current
> scenario ?
>
> Also if we acheive a higher MTU support on the WAN link can we acheive a
> better performance and lower CPU usage ?
>
>
> Kindly share your thoughts on why the input queue errors are increasing on
> the tunnel interface .
>
>
> Thanks,
> Ranjith
>
>
>
>
More information about the cisco-nsp
mailing list