Re: IPv6 GRE Tunnel ISR1121

p11l · ‎12-20-2024

Hello everyone,
Unfortunately I have a problem again.

I have two ISR 1100 routers which are connected to the Internet with a separate CG522-E (which does passthrough).

The CG522-E is a type of modem.

I have configured a GRE ipv6 tunnel on both ISRs through which ipv4 traffic goes.

At first the tunnel constantly broke down and then rebuilt itself (almost every second). I was able to fix this by setting an ip sla with a ping to the public ipv6 address of the other ISR. IPv6 Adresses are static from my provider.

The tunnel now remains constantly open.

But now I have the problem that the performance is very poor, probably due to the tunnel.

I have been reading on the Internet for hours and days, but unfortunately I haven't found a solution. Actually, a GRE ipv6 tunnel isn't particularly difficult. The performance is ~ 40Mbit/s in one direction and 15Mbit/s in the other.

If I connect a normal laptop to the CG522-E modem instead of the ISR, it is immediately on the Internet.

If I do a speed test there, I get well over 300Mbit/s up and over 50Mbit/s down.

I therefore strongly suspect that the GRE tunnel is the problem.

I have read a lot about possibly incorrect MTU but I have not found a solution.

Perhaps one of you can help me solve the problem?

My configurations are as follows:

ISR-1
ipv6 unicast-routing
interface Tunnel0
ip address 192.168.9.1 255.255.255.0
tunnel source GigabitEthernet0/0/0
tunnel mode gre ipv6
tunnel destination [Address-ISR2]
tunnel path-mtu-discovery
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
ipv6 dhcp client request vendor
ipv6 address autoconfig default
ipv6 enable
!
ip sla 1
icmp-echo [Address-ISR2] source-ip [Address-ISR1]
frequency 6
ip sla schedule 1 life forever start-time now

ISR-1#sh int gi 0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is C1121-2x1GE, address is 1484.73e8.6f00 (bia 1484.73e8.6f00)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 30
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 27000 bits/sec, 13 packets/sec
5 minute output rate 27000 bits/sec, 14 packets/sec
2991375 packets input, 1003740519 bytes, 0 no buffer
Received 1 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 25832 multicast, 0 pause input
3580098 packets output, 3157309280 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 1 interface resets
11763 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
9 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

ISR-1#sh int tun0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.9.1/24
MTU 1456 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 45/255, rxload 43/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation up
Tunnel source [Address-ISR-1] (GigabitEthernet0/0/0), destination [Address-ISR-2]
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with GigabitEthernet0/0/0
Set of tunnels with source GigabitEthernet0/0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IPv6
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Path MTU Discovery, ager 10 mins, min MTU 1280
Tunnel transport MTU 1456 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 4d02h
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 30
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 17000 bits/sec, 9 packets/sec
5 minute output rate 18000 bits/sec, 10 packets/sec
2746421 packets input, 940325324 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
3350308 packets output, 3074052472 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

-----------
ISR-2
ipv6 unicast-routing
interface Tunnel0
ip address 192.168.9.2 255.255.255.0
tunnel source GigabitEthernet0/0/0
tunnel mode gre ipv6
tunnel destination [Address-ISR1]
tunnel path-mtu-discovery
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
ipv6 dhcp client request vendor
ipv6 address autoconfig default
ipv6 enable
!
ip sla 1
icmp-echo [Address-ISR1] source-ip [Address-ISR2]
frequency 6
ip sla schedule 1 life forever start-time now

ISR-2#sh int gi 0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is C1121-2x1GE, address is 1484.73f3.dc00 (bia 1484.73f3.dc00)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 27000 bits/sec, 13 packets/sec
5 minute output rate 26000 bits/sec, 12 packets/sec
3513522 packets input, 3116342422 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 23908 multicast, 0 pause input
2906165 packets output, 1003619905 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 5 interface resets
9037 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
12 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

ISR-2#sh int tun0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.9.2/24
MTU 1456 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 40/255, rxload 40/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation up
Tunnel source [Address-ISR-2] (GigabitEthernet0/0/0), destination [Address-ISR-1]
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with GigabitEthernet0/0/0
Set of tunnels with source GigabitEthernet0/0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IPv6
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Path MTU Discovery, ager 10 mins, min MTU 1280
Tunnel transport MTU 1456 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 01:30:16, output 00:42:11, output hang never
Last clearing of "show interface" counters 3d03h
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 16000 bits/sec, 8 packets/sec
5 minute output rate 16000 bits/sec, 8 packets/sec
3313460 packets input, 3049678696 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2722775 packets output, 936393430 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Thanks a lot for all your help!

Flavio Miranda · ‎12-20-2024

@p11l

We know that tunnel always drops the performance but hard to predict how much. I saw a doc where Cisco recommend MTU of 1500 for IPV6 GRE. I believe you can play with MTU and MSS.

MHM Cisco World · ‎12-20-2024

MHM

p11l · ‎01-06-2025

tunnel mode gre ipv6 is ok because source and dest are ipv6 address - gre transport ipv4 inside the tunnel

I installed wireshark to trace traffic between two clients - each of every tunnel side. I tested it with iperf; receive and send mode.

Test results are bad:

- download 22mbit/s

- upload 4mbit/s

I attached some pictures from wireshark and u can see how many retransmit are there.

It seems to me that he try to adjust mss from starting 1068 to some lower value to lower and lower to zero. Try to re-transmit and why ever he can send againt with 1068 and get even slower.

Have you any idea how I can fix this behaviour?

Many Thanks!

MHM Cisco World · ‎01-06-2025

both platform are ISR 1K ?

MHM

p11l · ‎01-06-2025

Yes

p11l · ‎01-06-2025

I did a extended ping from client to a gateway in another network (behind gre tunnel at the other end).

In the screenshot attached you can see how the pakets are fragmented in the second ping with 1081 bytes.

The first ping with 1080 bytes are ok and pakets not fragemented.

vishalbhandari · ‎01-12-2025

@p11l The performance issue is likely due to the MTU size on the GRE IPv6 tunnel. Your tunnel MTU is set to 1456 bytes, which may cause fragmentation or inefficiencies when forwarding packets. Since GRE adds overhead, it's crucial to ensure the tunnel's MTU accommodates this.

p11l · ‎01-14-2025

OK all, the problem where solved.

It were two problems.

1st - Provider Problem, they do things to route our traffic a better way (they told us).

2nd - behind ISR1100 Router we had a FPR1100 with a ASA Image. The ASA Image has a problem in Software that we decrease from L3 to L2 interface.

I can't told you about the special problem within the 2nd step, because my boss working on it.

Thanks for all your help!

MHM Cisco World · ‎01-14-2025

Thanks alot for update us

Have a nice day

MHM