Re: GRE Output Drops

michael.crocker · ‎01-05-2004

I currently have 33 sites that have GRE tunnels which terminate at a central location in a hub and spoke configuration. Almost all sites have the IOS up to date and routers range from 1721's and 2600's to 3620's. I have been trying to come up with an answer as to why, on a pretty good majority of the sites, there are output drops on the GRE tunnels to the hub office. Traffic on the tunnel is normally not more than a 1/4 to 1/2 of the bandwidth and never peaks above that.

Could anyone give me an educated guess or theory as to what could be causing or why I may be getting output drops on a tunnel interface? There doesn't seem to be any effect on the performance at each site but I would like to get a handle on this before it happens to get out of hand.

larryhjr · ‎01-30-2004

Michael:

I have a similar setup. 33 remote sites with 2621's and 10 remote sites with 2650's. My headends are 7206VXR's.

I'm running OSPF over the GRE tunnels. I am seeing the OSPF neighbor relationship intetrmittently drop over the tunnels - ospf just shows that the dead timer expired. Debugs show that the IPSEC relationship drops over the tunnel causing the OSPF adjacency to time out.

One thing that was suggested to me (I haven't implemented yet - want to test in a lab enviroment first) is that the tunnel interfaces should not have the crypto map tied to them. Starting

on IOS code 12.2.13T the crypto map should only be applied to the physical interface.

Let me know if your problem is simialr to this.

Thanks

Larry H.

michael.crocker · ‎01-30-2004

Thanks for your response, however I'm not running IPSEC over GRE, just a plain GRE tunnel so I have no crypto maps to deal with. It's a strange thing but it doesn't seem to be causing any harm at the moment so I may just let it alone.