Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

high utilization on my IPSec tunnel

I have a GRE over IPSec tunnel that gets high bandwidth utilization every 2-3 days and stays like that for 2-3 days. I look at the traffic using netflow on the 2811 router and 95% of the packets in and out are either GRE or IPSec. I only have two tunnels on this router (tunnel mode). My question is are GRE and IPSec causing the spike in bandwidth and if so what can I do to fix it?

4 REPLIES
Hall of Fame Super Silver

Re: high utilization on my IPSec tunnel

Juan

While NetFlow may report that most of the packets are GRE or IPSec, I doubt that GRE or IPSec are really causing the spike in bandwidth. Other than keepalives (which do not consume much bandwidth) GRE and IPSec do not just send packets spontaneously. They send packets where there is some traffic that needs to be transported. I believe that you will find that something is generating traffic that is using GRE andIPsec. It is what is in the payload of the GRE and IPSec that you need to address.

HTH

Rick

New Member

Re: high utilization on my IPSec tunnel

That's kind of what I thought but how do I find that out? I am using Orion NPM but that doesn't tell me much. Would a sniffer be able to tell me what the actual packets are?

New Member

Re: high utilization on my IPSec tunnel

hi,

IPSEC traffic in encrypted and GRE is encapsulated as we know.

so you may enable the cache flow in inside interface(may be fastethernet- im just gussing as i dont know your network).

Or you must be aware of the intresting traffic defined for IPSEC whihc passes throgh GRE tunnel , where you can ground the source.

A detailed Stdy on ip accounting and Ip cache flow whould probably help you to figureout the same.

Hall of Fame Super Silver

Re: high utilization on my IPSec tunnel

Juan

You were looking at NetFlow running on the outside interface when you saw that the traffic was GRE and IPSec. I agree with Rajeev that if you run NetFlow on the inside interface(es) you will probably see what traffic is increasing and causing the spike.

HTH

Rick

203
Views
0
Helpful
4
Replies