cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
905
Views
0
Helpful
5
Replies

internet slowness issue.

syjeon
Level 1
Level 1

We have been implemented guest access net which  was totally seperated on Global routing table with the other site.

That was established by GRE tunnel to transport guest access traffic between backbone and that site.

However, according to requestor, they asked to investigate the GRE tunnel due to internet slowness issue.

the speed of Google page is ok such as small web traffic data, but some of heavy portal such as yahoo load speed is very slow or failed.

I thought that MTU might be caused the issue. Please, check this issue as below configuration between two sites.

(Backbone side)

ip vrf forwarding Guestnet

ip address aa.bbb.0.149 255.255.255.252

ip route-cache flow

tunnel source aaa.bbb.ccc.23

tunnel destination aaa.bbb.ccc.1

tunnel path-mtu-discovery

service-policy input Guestqos

service-policy output Guestqos

!

policy-map Guestqos

  class class-default

   police cir 5000000 bc 156250 be 156250 conform-action transmit

   exceed-action drop violate-action drop

(branch office)

int tunnel 0

ip vrf forwarding gm-supplier

ip address aa.bbb.0.150 255.255.255.252

ip route-cache flow

tunnel source aaa.bbb.ccc.1

tunnel destination aaa.bbb.ccc.23

tunnel path-mtu-discovery

service-policy output GUESTQOS

End

akrctclcs002#sh policy-map GUESTQOS

  Policy Map GUESTQOS

    Class class-default

     police cir 5000000 bc 156250 be 156250 conform-action transmit exceed-action

      drop violate-action drop

show int tunnel 10 on backbone

-snip-

  Tunnel source aaa.bbb.ccc23, destination aaa.bbb.ccc1, fastswitch TTL 255

  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

  Tunnel TTL 255

  Checksumming of packets disabled, fast tunneling enabled

  Path MTU Discovery, ager 10 mins, min MTU 92 <-- I strongly suspected that it caused the isssue, but not sure.

  Last input 00:00:01, output 00:08:54, output hang never

  Last clearing of "show interface" counters 2w2d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

-snip-

Please check it for us.

Thanks.

1 Accepted Solution

Accepted Solutions

Hello,

If its a cisco vpn client, then there is a utility called "Set MTU utility". You set that according to the one set on the tunnel interface & it should work fine.

You can find that utility here Start --> Programs --> CiscoVPNclient --> SetMTU

If you are curious to know whats happening, here goes some information

A basic standard MTU size for an ethernet network is 1500 Bytes, But if the internet connection on which you the VPN client exists could be a PPPoE (kind of) which is around 1492 bytes. You can either set the MTU using SetMTU or change try changing the config on tunnel interface 1492, this may fix.

Hope this helps. Let me know if problem still persists. Will work accordingly.

Thanks

Vivek

View solution in original post

5 Replies 5

hi,

If some sites work and some others don't most probably it is an MTU issue. Try hardcoding the  ip mtu on the GRE tunnel interfaces on both ends. The MTU of 92 is the default minimum since you have PMTU enabled


Command
Purpose

tunnel path-mtu-discovery [age-timer min]  [min-mtu bytes]

Example:

switch(config-if)# tunnel  path-mtu-discovery 25 1500

Enables Path MTU Discovery (PMTUD) on a tunnel interface. The parameters are as follows:

mins—Number of minutes. The range is from 10 to 30. The default is 10.

mtu-bytes—Minimum MTU recognized. The range is from 92 to 65535. The default is 92.

Below is a good link that explain more about resolving MTU issues'

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

HTH

Kishore

Thanks for your inputs.

One more questions if you know, Actaully, 'ip mtu 1400' has been configured on GRE tunnel when we implment tunnel.

but IPSEC vpn client does not work properly.once we remove 'ip mtu 1400' and then IPSEC vpn client works.

we have to provide VPN connection thru GRE tunnel. in this case, Do you have any suggestions MTU size?

Hello,

If its a cisco vpn client, then there is a utility called "Set MTU utility". You set that according to the one set on the tunnel interface & it should work fine.

You can find that utility here Start --> Programs --> CiscoVPNclient --> SetMTU

If you are curious to know whats happening, here goes some information

A basic standard MTU size for an ethernet network is 1500 Bytes, But if the internet connection on which you the VPN client exists could be a PPPoE (kind of) which is around 1492 bytes. You can either set the MTU using SetMTU or change try changing the config on tunnel interface 1492, this may fix.

Hope this helps. Let me know if problem still persists. Will work accordingly.

Thanks

Vivek

Thanks for your time.

Happy to hear that the issue has been resolved.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco