[c-nsp] Poor speed through GRE tunnel

Niraj Kacha N.Kacha at lboro.ac.uk
Thu Jul 16 03:20:00 EDT 2015 

Hi,

I am trying to set up a GRE tunnel between a Cisco 3750X-12S and a Cisco 6500. The idea was to set it up in a lab to ensure its all working and then ship the 3750X to the remote location.

3750X ————— GRE Tunnel ————— 6500

I have managed to get the GRE tunnel up and working without any issues, but the throughput through the tunnel is really poor. The end game would be to wrap an IPSEC tunnel around the GRE tunnel to secure the communications but when the performance figures below, this is a show stopper.

3750X Tun interface config
interface Tunnel20
 description core-luil-gre
 bandwidth 1000000
 bandwidth inherit 1000000
 ip address 10.61.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip directed-broadcast 101
 ip router isis 100
 ip pim sparse-dense-mode
 ipv6 address 2001:630:301:8C02::1/64
 ipv6 enable
 no ipv6 redirects
 ipv6 router isis 100
 tunnel source Loopback10
 tunnel destination 10.254.254.31
 tunnel path-mtu-discovery
 isis authentication mode md5
 isis authentication key-chain isis-key
 isis priority 80
 isis hello-interval minimal
end

6500 Tun interface config
interface Tunnel20
 description luil-core-gre
 bandwidth 1000000
 bandwidth inherit 1000000
 ip address 10.61.1.2 255.255.255.0
 no ip redirects
 no ip unreachables
 ip directed-broadcast 101
 ip pim sparse-dense-mode
 ip router isis 100
 ipv6 address 2001:630:301:8C02::2/64
 ipv6 enable
 no ipv6 redirects
 ipv6 router isis 100
 tunnel source Loopback10
 tunnel destination 10.254.254.30
 tunnel path-mtu-discovery
 isis authentication mode md5
 isis authentication key-chain isis-key
 isis priority 80
 isis hello-interval minimal
end

iperf output through GRE tunnel

[root at dick-whittington ~]# iperf -c 131.231.190.89
------------------------------------------------------------
Client connecting to 131.231.190.89, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  3] local 131.231.32.2 port 47355 connected with 131.231.190.89 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.3 sec  2.62 MBytes  2.14 Mbits/sec

iperf output thought a routed link with no GRE

[root at dick-whittington ~]# iperf -c 131.231.190.89
------------------------------------------------------------
Client connecting to 131.231.190.89, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  3] local 131.231.32.2 port 47354 connected with 131.231.190.89 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   832 MBytes   698 Mbits/sec

Does anyone have experience with GRE tunnels that might be able to shed some light as to where i might be going wrong.

Cheers

Niraj
----------------------
Niraj Kacha
Network Security
Loughborough University

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150716/bee4d391/attachment.sig>

More information about the cisco-nsp mailing list