05-26-2019 07:28 PM
Greetings!
I have a Cisco 3945E 15.4(3)M1 (upgraded from a 2851) router connected to a cable modem; this, in turn, connects via a plain GRE tunnel to a cloud instance and on to the internet.
The tunnel and endpoints are up and running. Traffic flows in both directions and routes properly. I have a 400 mb/s pipe at the Cisco end and a much larger one at the cloud instance end. I was using LISP before in a similar situation and was getting 300+ mb/s. With the new setup (either router!) I am down to 50 mb/s. I MUST have a misconfig issue someplace. I have checked CPU load on the router (<30%) and nload on the Linux instance (CentOS 7) shows the 50 mb/s with essentially zero CPU load.
I have calculated and deployed an MTU of 1476 for the Tunnel and 1436 as the MSS on both sides. (Client machines are still at 1500 default)
My newest basic configs are:
Cisco Router (Abridged for clarity)
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router3945E
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
enable password
!
no aaa new-model
!
!
!
!
ip domain name madeup.net
ip name-server 8.8.8.8
ip name-server xxx.xxx.xxx.xxx
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-xxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxxxxx
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
voice-card 0
!
!
!
license udi pid C3900-SPE250/K9 sn xxxxxxxxxxxx
!
!
hw-module pvdm 0/0
!
username xxxxxxxx privilege 15 secret 5 $
!
redundancy
!
!
ip tcp path-mtu-discovery
no ip ftp passive
ip scp server enable
bridge irb
interface Loopback0
ip address 201.xxx.xxx.xx 255.255.255.0
!
interface Tunnel0
bandwidth inherit
ip address 192.0.3.3 255.255.255.252
ip mtu 1476
ip tcp adjust-mss 1436
tunnel source 61.203.212.230
tunnel destination 181.251.205.33
tunnel path-mtu-discovery
!
interface GigabitEthernet0/0
description connection to CABLE MODEM (DHCP)
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Connection to 24-port unmanaged switch 201 LAN
ip address 201.xxx.xxx.x 255.255.255.0
ip tcp adjust-mss 1400
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 128.0.0.0 Tunnel0
ip route 128.0.0.0 128.0.0.0 Tunnel0
ip route 181.251.205.33 255.255.255.255 61.203.212.230
!
!
nls resp-timeout 1
cpd cr-id 1
!
snmp-server community public RO
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
password XXXXXXXXXXXXX
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
The CentOS 7 side is pretty simple:
The IPCFG_ETH0 on the instance CentOS 7 box
MTU 1500
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
NM_CONTROLLED="no"
IPV6_AUTOCONF="yes"
IPV6INIT="yes"
NOZEROCONF="yes"
ZONE=public
The IPCFG_TUN0 on the instance CentOS 7 box
MTU 1476
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
TYPE=GRE
PEER_INNER_IPADDR=192.0.2.2
PEER_OUTER_IPADDR=68.x.x.x
MY_INNER_IPADDR=192.0.2.1
Bear in mind I am also using BGPD to announce a /24 publicly and routing that /24 through the Tunnel (201.x.x.x)
Any ideas??? I believe there is an MTU/MSS issue someplace, but I have not been able to diagnose this.
Weird that it's limited at just around 50 mbps??
Thanks for any help!
Rick
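The MTU/MSS arithmetic in the post above can be checked mechanically. The following is an added example, not part of the original post: it parses the MTU-related lines of the router config and verifies that they fit a given path MTU, assuming basic GRE over IPv4 (24 bytes of overhead) and option-free IPv4/TCP headers. The function names and the `path_mtu` parameter are hypothetical.

```python
import re

IPV4_HDR, GRE_HDR, TCP_HDR = 20, 4, 20  # bytes; headers without options, basic GRE

# Constructed sample: only the MTU/MSS-related lines of the router config above.
SAMPLE_IOS = """\
interface Tunnel0
 ip mtu 1476
 ip tcp adjust-mss 1436
!
interface GigabitEthernet0/1
 ip tcp adjust-mss 1400
!
"""

def parse_interfaces(config):
    """Map interface name -> {'ip_mtu': int or None, 'mss': int or None}."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"interface (\S+)", line)
        if start:
            current = found.setdefault(start.group(1), {"ip_mtu": None, "mss": None})
        elif line == "!":
            current = None  # "!" closes the interface stanza
        elif current is not None:
            mtu = re.fullmatch(r"ip mtu (\d+)", line)
            mss = re.fullmatch(r"ip tcp adjust-mss (\d+)", line)
            if mtu:
                current["ip_mtu"] = int(mtu.group(1))
            if mss:
                current["mss"] = int(mss.group(1))
    return found

def audit(config, path_mtu=1500):
    """Return (interface, message) pairs for values that cannot fit in path_mtu."""
    findings = []
    gre_mtu = path_mtu - IPV4_HDR - GRE_HDR  # room left inside one GRE packet
    for name, cfg in parse_interfaces(config).items():
        limit = path_mtu
        if name.lower().startswith("tunnel"):
            configured = cfg["ip_mtu"] if cfg["ip_mtu"] is not None else gre_mtu
            if configured > gre_mtu:
                findings.append((name, f"ip mtu {configured} > {gre_mtu}"))
            limit = min(configured, gre_mtu)
        max_mss = limit - IPV4_HDR - TCP_HDR
        if cfg["mss"] is not None and cfg["mss"] > max_mss:
            findings.append((name, f"adjust-mss {cfg['mss']} > {max_mss}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_IOS))        # path MTU 1500
    print(audit(SAMPLE_IOS, 1492))  # a path with 8 bytes of extra encapsulation
```

With a 1500-byte path the posted values produce no findings; they only stop fitting if the real path MTU between the tunnel endpoints is lower than 1500.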
05-26-2019 11:27 PM
Hello,
To be honest, I don't fully understand your topology.
--> ip route 181.251.205.33 255.255.255.255 61.203.212.230
You have a static route to the tunnel destination, with the next hop being the tunnel source?
Can you provide a schematic drawing of your topology including the IP addresses used (and where they are used)?
05-27-2019 05:59 AM
I changed the numbers for security purposes... Let me clarify:
05-30-2019 08:36 AM
Hello?
Anyone know what's going on here?
David