Cisco Support Community
Cisco Employee

Monitoring VPN tunnel utilization (a la frame subinterface)

I was curious whether anyone out there had found a way to monitor traffic utilization going through the IPSec tunnels configured on their boxen. I have a need to report traffic utilization and type (i.e. http, smtp, ftp, etc.) to upper management.

As for the first part (utilization), I've thought I could use the packet decrypt/encrypt counters, though I haven't really dug into the MIB. As for the second (type), I'm at a loss unless I do some external data filtering/summarization based on the known netblocks assigned to each tunnel. This, however, is static and therefore cumbersome to maintain.

Anyone got any ideas? Gee, this might be a good feature in CSPM/NetFlow...

Thanks all.


Paul Forbes

Network Engineer

Trimble Ltd.

Community Member

Re: Monitoring VPN tunnel utilization (a la frame subinterface)

Traffic utilization reports are best provided by your ISP. Any ISP offering MPLS over ATM VPNs can create very robust utilization reports, i.e. ports, bandwidth utilization, errors, buffer hits, packet loss, peaks, etc.

Cisco's MPLS can make ATM connectionless, creating fully meshed VPNs by default. This eliminates the need for encryption (IPsec) and firewalls since traffic is not routed over the Internet. All VPN data is dropped to layer 2 and switched, while Internet-destined traffic is sent to a gateway.

Since the WAN and Internet traffic are differentiated, reporting on performance becomes seamless.
