Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1345
Views
0
Helpful
1
Replies

Monitoring VPN tunnel utilization (a la frame subinterface)

pforbes
Cisco Employee
Cisco Employee

‎11-02-2000 11:07 AM - edited ‎02-21-2020 11:14 AM

I was curious whether anyone out there had found a way to monitor traffic utilization going through the IPSec tunnels configured on their boxen. I have a need to report traffic utilization and type (i.e. http, smtp, ftp, etc.) to upper management.

As for the first part (utilization), I've thought I could use the packet decrypt/encrypt counters, though I haven't really dug into the MIB. As for the second (type), I'm at a loss unless I do some external data filtering/summarization based on the known netblocks assigned to each tunnel. This, however, is static and therefore cumbersome to maintain.

Anyone got any ideas? Gee, this might be a good feature in CSPM/NetFlow...

Thanks all.

---

Paul Forbes

Network Engineer

Trimble Ltd.

Labels:
0 Helpful
1 Reply 1

t-jefferson
Level 1
Level 1

‎11-06-2000 11:43 PM

Traffic utilization reports are best provided by your ISP. Any ISP offering MPLS over ATM VPN's can create very robust ulilization reports, ie ports, bandwidth utilization, errors, buffer hits, packet loss, peaks etc.

Cisco's MPLS can make ATM connectionless. Creating fully meshed VPN's by default. This eliminates the need for encryption (IPsec) and firewalls since traffic is not routed over the Internet. All VPN data is dropped to layer 2 and switched, while Internet destined traffic is sent to a gateway.

Since the WAN and Internet traffic are differentiated, reporting on performance becomes seamless.

0 Helpful
Customers Also Viewed These Support Documents