Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10167
Views
0
Helpful
1
Replies

Total Output drops (Input Queue) on GRE tunnel interface

pankajatt
Level 1
Level 1

‎10-27-2010 10:54 AM

Total Output drops (Input Queue)  on GRE tunnel interfaceWe've experienced "output drops" on GRE tunnel interfaces with IPSec. The WAN link for carrying GRE traffic is not even congested and the CPU utilization of the router is under 10%. The router model is a Cisco 7206VXR.

interface Tunnel0

description Primary Hub DMVPN Tunnel

bandwidth 155000

ip address 172.16.x.x 255.255.255.0

no ip redirects

ip mtu 1400

ip flow ingress

no ip next-hop-self eigrp 111

ip nhrp authentication xiysdjn

ip nhrp map multicast dynamic

ip nhrp network-id 798356

ip nhrp holdtime 120

no ip split-horizon eigrp 111

load-interval 30

delay 100

tunnel source Loopback0

tunnel mode gre multipoint

tunnel key 195532

tunnel protection ipsec profile VPNprofile

hold-queue 3000 in

hold-queue 4096 out

end

PAPPAPAP#sh int tu 0

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Description: Primary Hub DMVPN Tunnel

Internet address is 172.16.X.X/24

MTU 1514 bytes, BW 155000 Kbit/sec, DLY 1000 usec,

reliability 255/255, txload 64/255, rxload 29/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source 12.157.91.173 (Loopback0), destination UNKNOWN

Tunnel protocol/transport multi-GRE/IP

Key 0x2FBCC, sequencing disabled

Checksumming of packets disabled

Tunnel TTL 255

Fast tunneling enabled

Tunnel transmit bandwidth 8000 (kbps)

Tunnel receive bandwidth 8000 (kbps)

Tunnel protection via IPSec (profile "VPNprofile")

Last input 00:00:02, output 00:00:01, output hang never

Last clearing of "show interface" counters 00:01:33

Input queue: 0/3200/0/0 (size/max/drops/flushes); Total output drops: 4900

Queueing strategy: fifo

Output queue: 0/4096 (size/max)

5 minute input rate 18115000 bits/sec, 3407 packets/sec

5 minute output rate 38943000 bits/sec, 5031 packets/sec

308694 packets input, 194553499 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

436072 packets output, 399663000 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 unknown protocol drops

0 output buffer failures, 0 output buffers swapped out

So what are the factors that can contrubute to the output drops of a GRE tunnel interface without any QOS strategies implemented on the tunnel interface?

As there is drops and errors on LAN and WAN side. WAN speed is 155 Mb. Lan is 1 Gig.

Any heads up for this ??

Labels:
0 Helpful
1 Reply 1

wzhang
Cisco Employee
Cisco Employee

‎10-27-2010 01:20 PM

Hi,

One of the common output drop reasons on the tunnel interface would be PMTUD, ie., when a packet larger than 1400 bytes arrive on the input interface with the DF bit set, the router would drop this packet and send back out an icmp 3/4 message to perform PMTUD. These drops would be accounted for as output drops on the tunnel. You can verify this by doing a "debug ip icmp" on the router, or look at the icmp statistics under "show ip traffic" for icmp unreachables sent.

I hope this helps,

Thanks,

Wen

0 Helpful
Customers Also Viewed These Support Documents