Tunnel Problem - NAT with another Router fixes it

Unanswered Question
Mar 12th, 2008

Hello!

We are operating a 3600 Software (C3640-I-M), Version 12.3(18), router with a tunnel (standard gre no ecyption) via a leased line to our hq where the ip of our router is registered.

we have a quite bad performance with this tunnel (5 mb leased line we get only 1.5 mbit)

when we remove the tunnel and connect this router via another router that does NAT on the leased line, everything is fine!

:-(

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 03/12/2008 - 00:54

Hi

Have you tried lowering the mtu on the GRE tunnel interface at both ends as GRE does add an overhead to the IP packet.

Try lowering the mtu to 1476 and see if that helps ie.

int tunnel1

ip mtu 1476

HTH

Jon

kmmehlkmmehl Wed, 03/12/2008 - 01:01

hello john!

well yes. but we find a strange problem that we cannot access soe sites from the pcs behind the router.

for example msn messenger and some websites do *not* work. i also think its an mtu problem bbut i do not know how to systematically fix it...

Danilo Dy Sat, 03/15/2008 - 20:31

Hi,

I think the default mtu of gre tunnel is 1476. Try "ip mtu 1500" I always use this over MPLS and over IPSec through internet, so far so good.

BTW, you didn't mentioned the configured mtu in your GRE Tunnel, so I assume you are using the default which is 1476.

However "ip mtu 1500" causes the packet to be defragmented. The router in the other end need to reassemble the gre tunnel packets before it can remove the gre tunnel header and forward it to inner packet. This process is done in process-switch mode and uses memory. For high end devices, this is almost unnoticed but for low end devices (and older models) with multiple gre tunnel configured you will notice the slow throughput performance. Fire up "cef" for better performance.

Regards,

Dandy

Actions

This Discussion