Router Capasity for GRE tunnels

Unanswered Question
Mar 14th, 2008

I would like to deploy 250 endpoints GRE tunnel. Which router do I need at HQ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Paolo Bevilacqua Fri, 03/14/2008 - 04:04

In reality depends by the amount of traffic carried, more than the number of tunnels.

You also have the point-to-multipoint tunnel that is engineer's friend as it simplifies the configuration very very much.

In any case, for serious enterprise-class networking, look at 7200 NPE-G1 or G2 routers in the centers.

Hope this helps, please rate post if it does!

kimqv Fri, 03/14/2008 - 04:25

The reason of deployment GRE is sending Video streaming, where we do not have IP Multicast in backbone. Is DMVPN -Multi GRE you are talking about point-to-multipoint ? Give me a hint any way


Joseph W. Doherty Fri, 03/14/2008 - 04:54

Uncertain whether it would help or hinder, and I realize you're only requirement is for GRE, but Cisco's GET-VPN might simplify the implementation and in the notes it supports multicast.


For performance, one of the fastest might be multipoint GRE where CEF is used, e.g.

Paolo Bevilacqua Fri, 03/14/2008 - 05:13

Yes, you are be able to send multicast over the p2mp tunnels. DMVPN is kind of marketing name to indicate that the tunnels are encrypted as well, thing that you may or may not require.

Note the GET technology as suggested by Joseph is actually more complicated than dmvpn, because it requires an external provisioning systems (sun based), so it's no recommendable for enterprise customers in my opinion.

Joseph W. Doherty Fri, 03/14/2008 - 10:26

Paolo, I'm unable to find a Cisco GET-VPN reference for the requirement of a Sun based provisioning system. (Key servers are noted as using routers.) Could you provide a URL reference? Thanks.


Paolo, makes an interesting point about the complexity of GET-VPN vs. DMVPN. Probably depends on how the features map to what you desire to do. For instance, the key server is pushed as a method for easier key management (probably more true as you scale up). A two page Cisco sheet contrasting the two, GET-VPN and DMVPN:

Paolo Bevilacqua Fri, 03/14/2008 - 16:23

Hi, I stand corrected about the requirement for a server based platform with GET VPN, still I note the fact that a keyserver is not needed with DMVPN especially considering that encryption is not even mandatory.

So I think that unless you have already encountered major limitations with the consolidated DMVPN solution, you should stay with that. The Q&A is an additional source of info:


This Discussion