10-27-2010 10:54 AM
Total Output drops (Input Queue) on GRE tunnel interfaceWe've experienced "output drops" on GRE tunnel interfaces with IPSec. The WAN link for carrying GRE traffic is not even congested and the CPU utilization of the router is under 10%. The router model is a Cisco 7206VXR.
interface Tunnel0
description Primary Hub DMVPN Tunnel
bandwidth 155000
ip address 172.16.x.x 255.255.255.0
no ip redirects
ip mtu 1400
ip flow ingress
no ip next-hop-self eigrp 111
ip nhrp authentication xiysdjn
ip nhrp map multicast dynamic
ip nhrp network-id 798356
ip nhrp holdtime 120
no ip split-horizon eigrp 111
load-interval 30
delay 100
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 195532
tunnel protection ipsec profile VPNprofile
hold-queue 3000 in
hold-queue 4096 out
end
PAPPAPAP#sh int tu 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Description: Primary Hub DMVPN Tunnel
Internet address is 172.16.X.X/24
MTU 1514 bytes, BW 155000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 64/255, rxload 29/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 12.157.91.173 (Loopback0), destination UNKNOWN
Tunnel protocol/transport multi-GRE/IP
Key 0x2FBCC, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "VPNprofile")
Last input 00:00:02, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:01:33
Input queue: 0/3200/0/0 (size/max/drops/flushes); Total output drops: 4900
Queueing strategy: fifo
Output queue: 0/4096 (size/max)
5 minute input rate 18115000 bits/sec, 3407 packets/sec
5 minute output rate 38943000 bits/sec, 5031 packets/sec
308694 packets input, 194553499 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
436072 packets output, 399663000 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
So what are the factors that can contrubute to the output drops of a GRE tunnel interface without any QOS strategies implemented on the tunnel interface?
As there is drops and errors on LAN and WAN side. WAN speed is 155 Mb. Lan is 1 Gig.
Any heads up for this ??
10-27-2010 01:20 PM
Hi,
One of the common output drop reasons on the tunnel interface would be PMTUD, ie., when a packet larger than 1400 bytes arrive on the input interface with the DF bit set, the router would drop this packet and send back out an icmp 3/4 message to perform PMTUD. These drops would be accounted for as output drops on the tunnel. You can verify this by doing a "debug ip icmp" on the router, or look at the icmp statistics under "show ip traffic" for icmp unreachables sent.
I hope this helps,
Thanks,
Wen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide