I have an issue which I hope somebody can help me out with.
The issue is on a Cisco 3925E router running IOS 15.1(4)M3. I've never used the 'E' variant of this router or this IOS so I'm wondering if what I'm seeing is simply an IOS bug where it's reporting something that is not actually happening.
My router is connected to a service provider managed MPLS cloud. It's a 50meg circuit connected to the router with Ethernet handoff.
Gig0/2 is the physical interface. I'm running BGP across the cloud to my other WAN routers.
Tunnel 1202 is DMVPN tunnel. I'm running EIGRP inside the tunnels to route between all my sites.
Everything appears to be working but the router is reporting output drops on the tunnel interface. The physical interface is fine - no errors or drops.
The link is not congested. Infact it rarely goes above 2meg in or out.
In around 6 hours, the tunnel has reported over 3,600 output drops. However, "show ip traffic" shows 0 files that could not be fragmented and only 205 ICMP unreachables so I don't think MTU and fragmentation is at fault here. For info we set the MTU of the tunnel to 1400 and use "ip tcp adjust-mss 1360" on the tunnel and the LAN facing interfaces.
As well as the obvious output drops on the tunnel, the other strange thing I'm seeing is the MTU is reported as being 17854 bytes??? However, further down the "show interface Tu1202" output, it states the tunnel transport MTU to be 1414 bytes.
For clarity I've included the "show run int tu1202" and "show int tu1202".
Please let me know if you have any clues as this is doing my head in!!!!!!
Thanks very much,
Router01#sh run int tu1202 Building configuration...
Current configuration : 864 bytes ! interface Tunnel1202 description *** DMVPN Tunnel *** bandwidth 51200 ip address x.x.x.x 255.255.255.0 no ip redirects ip mtu 1400 ip pim sparse-dense-mode ip bandwidth-percent eigrp 1 75 ip hello-interval eigrp 1 15 ip hold-time eigrp 1 45 ip flow ingress ip nhrp authentication XXXXXXXX ip nhrp map multicast x.x.x.x ip nhrp map x.x.x.x x.x.x.x ip nhrp map multicast x.x.x.x ip nhrp map x.x.x.x x.x.x.x ip nhrp network-id xxxx ip nhrp holdtime 300 ip nhrp nhs x.x.x.x ip nhrp nhs x.x.x.x ip tcp adjust-mss 1360 ip summary-address eigrp 1 x.x.x.x 255.255.255.0 tunnel source GigabitEthernet0/2 tunnel mode gre multipoint tunnel protection ipsec profile AES_SHA hold-queue 1000 in hold-queue 1000 out end
Router01#sh int tu1202 Tunnel1202 is up, line protocol is up Hardware is Tunnel Description: *** DMVPN Tunnel *** Internet address is x.x.x.x/24 MTU 17854 bytes, BW 51200 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 5/255, rxload 6/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source x.x.x.x (GigabitEthernet0/2) Tunnel Subblocks: src-track: Tunnel1202 source tracking subblock associated with GigabitEthernet0/2 Set of tunnels with source GigabitEthernet0/2, 1 member (includes iterators), on interface <OK> Tunnel protocol/transport multi-GRE/IP Key disabled, sequencing disabled Checksumming of packets disabled Tunnel TTL 255, Fast tunneling enabled Tunnel transport MTU 1414 bytes Tunnel transmit bandwidth 8000 (kbps) Tunnel receive bandwidth 8000 (kbps) Tunnel protection via IPSec (profile "AES_SHA") Last input 00:00:00, output never, output hang never Last clearing of "show interface" counters 05:21:06 Input queue: 0/1000/0/0 (size/max/drops/flushes); Total output drops: 3341 Queueing strategy: fifo Output queue: 0/1000 (size/max) 5 minute input rate 1311000 bits/sec, 247 packets/sec 5 minute output rate 1065000 bits/sec, 228 packets/sec 15465701 packets input, 3786181722 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 14299240 packets output, 4160770083 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Router01#
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...