I have a GRE over IPSec tunnel that gets high bandwidth utilization every 2-3 days and stays like that for 2-3 days. I look at the traffic using netflow on the 2811 router and 95% of the packets in and out are either GRE or IPSec. I only have two tunnels on this router (tunnel mode). My question is are GRE and IPSec causing the spike in bandwidth and if so what can I do to fix it?
While NetFlow may report that most of the packets are GRE or IPSec, I doubt that GRE or IPSec are really causing the spike in bandwidth. Other than keepalives (which do not consume much bandwidth) GRE and IPSec do not just send packets spontaneously. They send packets where there is some traffic that needs to be transported. I believe that you will find that something is generating traffic that is using GRE and IPsec. It is what is in the payload of the GRE and IPSec that you need to address.
That's kind of what I thought but how do I find that out? I am using Orion NPM but that doesn't tell me much. Would a sniffer be able to tell me what the actual packets are?
IPSEC traffic is encrypted and GRE is encapsulated, as we know.
So you may enable the cache flow on the inside interface (maybe FastEthernet; I'm just guessing as I don't know your network).
Or you must be aware of the interesting traffic defined for IPSEC which passes through the GRE tunnel, where you can ground the source.
A detailed study of ip accounting and ip cache flow would probably help you to figure out the same.
You were looking at NetFlow running on the outside interface when you saw that the traffic was GRE and IPSec. I agree with Rajeev that if you run NetFlow on the inside interface(es) you will probably see what traffic is increasing and causing the spike.
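An added example, not part of any post in this thread: a short Python script showing why the outside-interface view collapses into GRE (IP protocol 47) and ESP (IP protocol 50), while inside-interface flow records reveal the hosts driving the load. The flow records, addresses and tuple layout are constructed for illustration and are not output from a real router or collector.

```python
from collections import Counter

PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}

# Constructed flow records: (interface, src, dst, ip_protocol, dst_port, bytes).
# "outside" sees only tunnel endpoints; "inside" sees the original packets.
FLOWS = [
    ("outside", "198.51.100.1", "203.0.113.1", 50, 0, 9_400_000),
    ("outside", "203.0.113.1", "198.51.100.1", 50, 0, 1_100_000),
    ("outside", "198.51.100.1", "203.0.113.1", 47, 0, 300_000),
    ("inside", "10.1.1.25", "10.2.0.10", 6, 445, 8_200_000),
    ("inside", "10.1.1.40", "10.2.0.12", 6, 443, 700_000),
    ("inside", "10.1.1.25", "10.2.0.10", 6, 445, 500_000),
    ("inside", "10.1.1.7", "10.2.0.53", 17, 53, 40_000),
]

def bytes_by_protocol(flows, interface):
    """Total bytes per IP protocol as seen on one interface."""
    totals = Counter()
    for iface, _src, _dst, proto, _port, nbytes in flows:
        if iface == interface:
            totals[PROTO_NAMES.get(proto, str(proto))] += nbytes
    return totals

def tunnel_share(flows, interface):
    """Fraction of bytes on the interface that are GRE or ESP."""
    totals = bytes_by_protocol(flows, interface)
    all_bytes = sum(totals.values())
    return (totals["GRE"] + totals["ESP"]) / all_bytes if all_bytes else 0.0

def top_talkers(flows, interface, n=3):
    """Rank (src, dst, protocol, dst_port) conversations by bytes."""
    totals = Counter()
    for iface, src, dst, proto, port, nbytes in flows:
        if iface == interface:
            totals[(src, dst, PROTO_NAMES.get(proto, str(proto)), port)] += nbytes
    return totals.most_common(n)

if __name__ == "__main__":
    print(f"outside tunnel share: {tunnel_share(FLOWS, 'outside'):.0%}")
    for conversation, nbytes in top_talkers(FLOWS, "inside"):
        print(conversation, nbytes)
```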
NTA shows high bandwidth utilization because the tunnel itself, as far as bandwidth, is doing 8kbps or 10kbps... If you show your stats with show interfaces tun 0 you can see that the interface has a high utilization of 193/255. A bandwidth statement is needed there, but I'm not sure what to put, whether the physical bandwidth or the actual circuit bandwidth. It gets tricky when running two uplinks with different bandwidth... but that's your answer. If you set a different value and have no problems, please share.