Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2632
Views
0
Helpful
6
Replies

DMVPN tunnel bouncing

joe.fodor
Level 1
Level 1

‎11-15-2018 06:57 AM - edited ‎02-21-2020 09:30 PM

Hello,

 

I am running DMVPN which is working really great for all of my sites except one that is halfway across the globe. The latency is above 200ms and the tunnels seem to bounce a lot for no reason. We have called the ISP a lot to see if there is something on their side but it never seems to be. Is there some sort of way to tweak DMVPN on these spoke routers to be less latency sensitive? 

 

Thanks again for any help provided!

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎11-15-2018 09:12 AM

What is the logs show, at the time of Tunnel loss, do you see underlay ping still working ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

joe.fodor
Level 1
Level 1
In response to balaji.bandi

‎11-15-2018 09:30 AM

sometimes the tunnel doesn’t actually drop and pings still work out to the internet but anything across tunnel has drops.
0 Helpful

joe.fodor
Level 1
Level 1
In response to balaji.bandi

‎11-15-2018 09:32 AM

There is really no logs other than 

%DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor x.x.x.x (Tunnel0) is down: Peer Termination received

Nov 15 08:44:51.661 CST: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor x.x.x.x (Tunnel0) is up: new adjacency

0 Helpful

David Castro F.
Spotlight
Spotlight

‎11-15-2018 02:54 PM

Hello Joe,

 

I hope you are doing great,

 

I am wondering:

- Is this DMVPN with IPSec encryption?

- Is this a plane DMVPN?

- What is the MTU - MSS configured values on the router?

 

Remember that there is much more overhead of bytes added when having GRE and on top of that IPsec. What I would recommend is to first try using this on both sides under your tunnel interfaces (make sure that your physical interface is 1500, if it's Ethernet, the default should be 1500 unless it was globally changed).

Under tunnel interfaces:

interface tu0

 ip tcp adjust-mss 1376
 tunnel path-mtu-discovery

 ip mtu 1400

 

You only need 1 of the last 2 commands but Cisco recommends putting them both. Below there is a document very useful that explains MSS, MTU, overheads and why you would like to tweak those values.

 http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

 

Keep us posted,

 

Please rate all of the helpful answers and mark as correct if it answer and solved your question,

 

Regards,

 

David Castro,

0 Helpful

joe.fodor
Level 1
Level 1
In response to David Castro F.

‎11-15-2018 08:16 PM

Thanks for the reply currently I have :


ip tcp adjust-mss 1360

ip mtu 1400



and I just added tunnel path-mtu-discovery after reading this. This is IPSEC encryption. Hopefully the tuennl path-mtu-discovery will help?
Should I bump up the tcp adjust-mss to 1376?

0 Helpful

David Castro F.
Spotlight
Spotlight
In response to joe.fodor

‎11-16-2018 07:20 AM

Hello Joe,

 

The PMTU helps since it does tweak automatically the sizes, anyways I would recommend you to have a syslog and send debugs for NHRP, DMVPN, EIGRP and also have an IP SLA monitoring the ping to the other side. Because we need to understand what might be causing the flapping, do you have any sort of keepalive going through?

 

Please rate all helpful posts,

 

Regards,

 

David Castro,

0 Helpful
Customers Also Viewed These Support Documents