RE: Site-to-site IPSec + GRE Tunnel maxm throughput?

Yes more than stayed alive...

Are you sure you traffic is not stuck in the process path from fragment re-assembly at the far end

You must prevent fragmented packets to avoid latency and issues even with AIM cards installed as all fragmentation re-assembly is done in the SLOWEST path.

I would also run 12.4T latest Adv IP svcs code

Try

Int f0/0
Description LAN facing
Ip mtu 1412
ip tcp adjust-mss 1360

Do that at both sides and reconfirm results

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Vijayaram VR
Sent: Wednesday, August 26, 2009 11:42 AM
To: Cisco certification
Subject: Site-to-site IPSec + GRE Tunnel maxm throughput?

Hi All,

I've been trying to setup an site-to-site IPSec tunnel using C2851 on
one end and C3825 on the other with hardware encryption (AIM) installed.
Both routers also performing NAT and GRE.

My problem is whenever the traffic rate on the tunnel interfaces is more
than 20Mbps, router cpu hits 100% and it crashes. When I checked show
process cpu, 93% of the utilisation is due to interrupts, means it is
being CEF switched. My suspicion is on the GRE, as IPSec is offloaded to
AIM. I've gone through many Cisco docs and couldn't find convincing
answer on the maximum throughput supported by GRE tunnel.

Did any of you ever tried to pump more than 30Mbps over a GRE tunnel?
and did the router stayed alive?

Thanks.

Rgds, VJ

Blogs and organic groups at http://www.ccie.net
Received on Wed Aug 26 2009 - 13:02:17 ART