From: Jose James (jose.james@trafigura.com)
Date: Wed Aug 13 2008 - 12:09:59 ART
Had the same issue once and it turned out to be tunnel checksum
From BlackBerry HandHeld Device
----- Original Message -----
From: nobody@groupstudy.com <nobody@groupstudy.com>
To: ccielab@groupstudy.com <ccielab@groupstudy.com>
Sent: Wed Aug 13 15:57:00 2008
Subject: Packet Drops on IPSEC GRE Tunnels
Hi Experts,
I've searched everywhere I could, but need someone to kindly give an
expert opinion as to why outbound packets on IPSEC GRE tunnel interfaces
get dropped, even without congestion? I could understand inbound traffic
being dropped due to dencapsulation and decryption processes ie. loosing
of gre and ipsec headers etc. During these periods, the cpu is usually <
4% and there is usually no congestion or high bandwidth utilisation on
the tunnels.
Also, is there any correlation with IPSEC GRE packets flow and CPU
processor power on a router? Maybe that one sound a bit daft, but I
can't honestly figure out why encryption process on a Cisco 2811 will
jack up the cpu to about 95%; hence why I'm humbly asking the group for
further expert opinions on this.
************************************************************************
*************************
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Description: Tunnel interface for GRE link from Rack1-R1 to Rack1-R4
Internet address is 10.10.11.1/24
MTU 1514 bytes, BW 1500 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec), retries 3
Tunnel source 10.10.1.1 (Loopback1), destination 10.10.4.4
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 0w2d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
108961
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 9000 bits/sec, 6 packets/sec
5 minute output rate 3000 bits/sec, 4 packets/sec
91212393 packets input, 1052133962 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
120861676 packets output, 1801671796 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
************************************************************************
*************************
Many Thanks.
Yemi Salau.
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART