DFM Notification - High queue drop rate on Tunnel interface

Unanswered Question
Jun 10th, 2008

CiscoWorks DFM 2.0.10 generates high queue drop rate on Tunnel interface. Is this a bogus notification? There are no errors on the physical interface.

ROUTER#sh int tu0

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Internet address is

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source (Loopback0), destination

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Checksumming of packets disabled, fast tunneling enabled

Last input 3w3d, output 4w5d, output hang never

Last clearing of "show interface" counters 1d03h

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12 <==

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

85 packets input, 21672 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

84 packets output, 21019 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Joe Clarke Tue, 06/10/2008 - 09:55

This is not bogus. Given the low amount of traffic on this interface, 12 output drops is significant. The queue drop rate is ~ 15%. If this is acceptable, then you can increase the default threshold under DFM > Configuration > Polling and Thresholds > Managing Thresholds.

santipongv Tue, 06/10/2008 - 10:10

Tunnel interface is logical and there is no real buffer, isn't it?

Joe Clarke Tue, 06/10/2008 - 10:50

Certainly no hardware buffer, but there is buffer memory carved out. Typically, output drops on tunnel interfaces occur when a packet is queued with the DF bit set, but the packet is larger than the tunnel's IP MTU, so they are dropped. Additionally, if the packet plus the GRE header is larger than the tunnel can handle (and the DF bit is set) the packet will be dropped.

Joe Clarke Tue, 06/10/2008 - 11:12

You might try:

ip mtu 1400

ip tcp adjust-mss 1380

As a start. But this might be a better question for the VPN or one of the routing forums.

santipongv Tue, 06/10/2008 - 11:15

Unfortunately, I have 12.2(24a) on the router. "ip tcp adjust-mss 1380" is not supported.


This Discussion