cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1132
Views
4
Helpful
5
Replies

High cpu consumption with GRE over IPSEC

Hi all,

     After applying a gre over ipsec tunnel on one of our branch office, we get high cpu consumption (average 90%).

Tunnel is applied between Cisco 2851 (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T2, (fc2) and

Cisco CISCO2921/K9 Version 15.0(1)M3.

Config of the tunnet is as follow :

- authentication pre-share

- encryption aes 256

- hash : sha

- transform set : esp-aes esp-sha-hmac mode transport

Routing process is eigrp.

Could anyone please help me on solving this issue?

5 Replies 5

Marcin Latosiewicz
Cisco Employee
Cisco Employee

First of all you need to check what process (or IO) is causing CPU utilization.

show proc cpu sort 

would be the way to start.

Hi,

these process consum the higher cpu time : Crypto support (21%) ; Pool Manager (14%) ; IP Input (9%)

Thanks

If I had to guess this would mean there's some fragmentation/reassambly going on.

Did you lower MTU and MSS on the tunnel interface? I would also suggest checking with tunnel PMTUD.

Hi,

yes, we substracted the mtu value and mms adjust by  40.

I will check this tunnel PMTDU.

Thanks,

Cool, good start.

Check "show ip traffic" on both sides, it would be interesting to see what's going on.

BTW the CPU usage of top process doesn't add up to 90%, there's a possibility it's traffic rate/pattern + features (IP input and pool manager would suggest that).