Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

High cpu consumption with GRE over IPSEC

Hi all,

     After applying a gre over ipsec tunnel on one of our branch office, we get high cpu consumption (average 90%).

Tunnel is applied between Cisco 2851 (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T2, (fc2) and

Cisco CISCO2921/K9 Version 15.0(1)M3.

Config of the tunnet is as follow :

- authentication pre-share

- encryption aes 256

- hash : sha

- transform set : esp-aes esp-sha-hmac mode transport

Routing process is eigrp.

Could anyone please help me on solving this issue?

5 REPLIES
Cisco Employee

High cpu consumption with GRE over IPSEC

First of all you need to check what process (or IO) is causing CPU utilization.

show proc cpu sort 

would be the way to start.

New Member

High cpu consumption with GRE over IPSEC

Hi,

these process consum the higher cpu time : Crypto support (21%) ; Pool Manager (14%) ; IP Input (9%)

Thanks

Cisco Employee

High cpu consumption with GRE over IPSEC

If I had to guess this would mean there's some fragmentation/reassambly going on.

Did you lower MTU and MSS on the tunnel interface? I would also suggest checking with tunnel PMTUD.

New Member

High cpu consumption with GRE over IPSEC

Hi,

yes, we substracted the mtu value and mms adjust by  40.

I will check this tunnel PMTDU.

Thanks,

Cisco Employee

High cpu consumption with GRE over IPSEC

Cool, good start.

Check "show ip traffic" on both sides, it would be interesting to see what's going on.

BTW the CPU usage of top process doesn't add up to 90%, there's a possibility it's traffic rate/pattern + features (IP input and pool manager would suggest that).

301
Views
4
Helpful
5
Replies
CreatePlease to create content