packet loss across DMVPN tunnel on high latency link

We have a dmvpn hub in the states with 150 clients which are working well, but recently we installed an 881 in the UK that is giving me trouble.

I'm able to get consistent pings from my dmvpn hub's outside address to the 881 dmvpn hub's outside address, but when we ping across the tunnel it is very inconsistent and dropping anywhere from 10-40% of the packets. The tunnel stays up. My thought is there is some sort of timeout that needs to be adjusted, but I'm pretty new to DMVPN.

Here are some pings from the spoke in the UK

ping to outside of dmvpn hub

VPN01#ping x.x.x.x r 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 205.161.12.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (398/399), round-trip min/avg/max = 132/148/184 ms

ping to dmvpn hub

VPN01#ping 10.1.5.1 r 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.5.1, timeout is 2 seconds:
..!!!!!!!.!!!!!!!!!!!!..!.!!!!..!.!!!!!.!.!.!.!!!.!!..!!!!..!!!!.!!!!!
!!.!!!!!!!!!!!.!!..!!!.!!!.!.!
Success rate is 74 percent (74/100), round-trip min/avg/max = 152/200/376 ms

Here is the config on the spoke

interface Tunnel0
 bandwidth 1536
 ip address 10.1.5.157 255.255.255.0
 ip mtu 1000
 ip flow ingress
 ip nhrp authentication password
 ip nhrp map 10.1.5.1 x.x.x.x
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 10.1.5.1
 zone-member security VPN
 ip tcp adjust-mss 1360
 delay 1000
 qos pre-classify
 tunnel source FastEthernet4
 tunnel destination x.x.x.x
 tunnel key 0
 tunnel protection ipsec profile PROFILE01 shared
!

Show INT

Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.1.5.157/24
  MTU 17882 bytes, BW 1536 Kbit/sec, DLY 10000 usec,
     reliability 255/255, txload 16/255, rxload 23/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source y.y.y.y (FastEthernet4), destination x.x.x.x
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with FastEthernet4
          Set of tunnels with source FastEthernet4, 2 members (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key 0x0, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1442 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Tunnel protection via IPSec (profile "PROFILE01")
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 04:31:24
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 85
  Queueing strategy: fifo (QOS pre-classification)
  Output queue: 0/0 (size/max)
  5 minute input rate 139000 bits/sec, 26 packets/sec
  5 minute output rate 97000 bits/sec, 33 packets/sec
     507939 packets input, 300180423 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     455431 packets output, 235850652 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out


packet loss across DMVPN tunnel on high latency link

VPN01#sh ip cef switching statistics

       Reason                          Drop       Punt  Punt2Host
RP LES No route                          19          0          0
RP LES Packet destined for us             0      39625         98
RP LES No adjacency                     480          0          0
RP LES TTL expired                        0          0      29428
RP LES Fragmentation failed, DF         346          0       1877
RP LES Features                       18434          0      21821
RP LES Unclassified reason               18          0          0
RP LES Neighbor resolution req         1029         20          0
RP LES Tun decap, gre payload             0        187          0
RP LES Fragmentation no pak               0          0      13108
RP LES Total                          20326      39832      66332
All    Total                          20326      39832      66332


packet loss across DMVPN tunnel on high latency link

I thought maybe it was a packet size issue, but I don't think that is the case

VPN01#ping 10.1.5.1 size 100 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.5.1, timeout is 2 seconds:
!.!!!...!.!..!!!!!!!!!!!!!.!!!!!!!!.!.!!!.!!.!!!!!!!!!!!!!!!!!!!.!!!..
!!!!!!!!!!!!..!!!!!!!.!!!!!.!!
Success rate is 81 percent (81/100), round-trip min/avg/max = 152/190/376 ms


DMVPN Packet Loss and High latency with IPSEC Applied (Cisco-899-LTE Router)

Hello Bob -

Wondering if you ever figured out what your issue is with the 881 router. We have some 899s in our lab doing the same thing. With Tunnel Protection, latency is erratic (high and low) and packet loss is a huge problem. After removing tunnel protection everything works great.

We have ISR4331 routers running the same encryption scheme on this network using same Underlay with excellent results.

Thank you,

John
