Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2706
Views
0
Helpful
4
Replies

GRE Tunnel packet loss

ivannepriakhin8505
Level 1
Level 1

‎12-25-2019 07:42 AM

Hi guys!!

 

I got  issue about packet loss in GRE tunnel between BRANCH (CISCO3825) and HEAD (CISCO3845-MB)

 

I'm measure bandwidth between HEAD and BRANCH offices with iperf3

 

Tunnel2

direction at HEAD  without question - 5Mb/s

direction at BRANCH  have Packet loss  - 50Kb/s

 

Tunnel1

Without questions

 

I did capture trafic:
HEAD   int Tunnel 2 , every packets injected in tunnel

BRANCH int Tunnel 2 , part of packet loss

 

Please check my circuit (Issue TunCisco.jpg) , maybe i'm don't see my issue in config or last direction it's issue ticket to ISP 2

 

 

config HEAD:

 

!
!Interface Without Packet Loss
=================================
interface Tunnel1
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication TESTPASS123
 ip nhrp map multicast dynamic
 ip nhrp network-id 999
 ip virtual-reassembly in max-reassemblies 64
 ip virtual-reassembly out max-reassemblies 64
 ip ospf network point-to-multipoint
 ip ospf cost 100
 ip ospf hello-interval 2
 keepalive 10 3
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 777
 tunnel route-via GigabitEthernet0/0 mandatory
 tunnel protection ipsec profile VPNPROF1
!
!interface with Packet Loss
================================
interface Tunnel2
 ip address 10.0.1.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/0
 tunnel destination 1.1.1.1
 tunnel key 77777777
 tunnel route-via GigabitEthernet0/0 mandatory

 

config BRANCH:

 

!interface with Packet Loss
================================
interface Tunnel2
ip address 10.0.1.2 255.255.255.0
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0/0
tunnel destination 3.3.3.3
tunnel key 77777777
!
!Interface Without Packet Loss
=================================
int Tunnel1
ip address 10.0.0.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nat inside
ip nhrp authentication TESTPASS123
ip nhrp map 10.0.0.1 3.3.3.3
ip nhrp map multicast 3.3.3.3
ip nhrp network-id 999
ip nhrp nhs 10.0.0.1
ip virtual-reassembly
ip ospf network point-to-multipoint
ip ospf cost 10
ip ospf hello-interval 2
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 777
tunnel protection ipsec profile VPNPROF1
!

 

Labels:
Preview file
57 KB
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎12-28-2019 04:13 AM

Hello,

 

try and change/add the values marked in bold (these are the ones the tunnels without packet loss use):

 

interface Tunnel2
ip address 10.0.1.1 255.255.255.0
no ip redirects
ip mtu 1416
ip virtual-reassembly in max-reassemblies 64
ip virtual-reassembly out max-reassemblies 64
load-interval 30
tunnel source GigabitEthernet0/0
tunnel destination 1.1.1.1
tunnel key 77777777
tunnel route-via GigabitEthernet0/0 mandatory

 

interface Tunnel2
ip address 10.0.1.2 255.255.255.0

no ip redirects
ip mtu 1416
ip nat inside
ip virtual-reassembly in max-reassemblies 64
ip virtual-reassembly out max-reassemblies 64
tunnel source FastEthernet0/0/0
tunnel destination 3.3.3.3
tunnel key 77777777

0 Helpful

ivannepriakhin8505
Level 1
Level 1
In response to Georg Pauwen

‎01-09-2020 05:08 AM

Hi  Georg!

 

Sorry for my late answer.

 

Im tried your suggestion  but unfortunately it didn't help.

 

We will be change our circuit for workaround it is trouble.

 

Thanks for you reply!

0 Helpful

Georg Pauwen
VIP
VIP
In response to ivannepriakhin8505

‎01-09-2020 06:09 AM

Hello,

 

in any case, also check the physical interface of the branch. Can you post the output of:

 

show interfaces FastEthernet0/0/0

 

of the branch router ?

0 Helpful

ivannepriakhin8505
Level 1
Level 1
In response to Georg Pauwen

‎01-09-2020 06:25 AM - edited ‎01-09-2020 06:30 AM

Yeah, we did check its first, but trouble only if traffic going via tunnel.

 

If we pushing traffic without GRE every that work well

 

output sh int fa0/0/0

FastEthernet0/0/0 is up, line protocol is up 
  Hardware is FastEthernet, address is c84c.7511.1111 (bia c84c.7511.1111)
  Internet address is 1.1.1.1/30
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/229 (size/max/drops/flushes); Total output drops: 44
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  30 second input rate 6000 bits/sec, 9 packets/sec
  30 second output rate 8000 bits/sec, 12 packets/sec
     6128461 packets input, 1385992963 bytes
     Received 2012864 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     4266560 packets output, 1331641151 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     2012865 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

 

0 Helpful
Customers Also Viewed These Support Documents