Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Tunnel Problem - NAT with another Router fixes it

Hello!

We are operating a 3600 Software (C3640-I-M), Version 12.3(18), router with a tunnel (standard gre no ecyption) via a leased line to our hq where the ip of our router is registered.

we have a quite bad performance with this tunnel (5 mb leased line we get only 1.5 mbit)

when we remove the tunnel and connect this router via another router that does NAT on the leased line, everything is fine!

:-(

3 REPLIES
Hall of Fame Super Blue

Re: Tunnel Problem - NAT with another Router fixes it

Hi

Have you tried lowering the mtu on the GRE tunnel interface at both ends as GRE does add an overhead to the IP packet.

Try lowering the mtu to 1476 and see if that helps ie.

int tunnel1

ip mtu 1476

HTH

Jon

New Member

Re: Tunnel Problem - NAT with another Router fixes it

hello john!

well yes. but we find a strange problem that we cannot access soe sites from the pcs behind the router.

for example msn messenger and some websites do *not* work. i also think its an mtu problem bbut i do not know how to systematically fix it...

Re: Tunnel Problem - NAT with another Router fixes it

Hi,

I think the default mtu of gre tunnel is 1476. Try "ip mtu 1500" I always use this over MPLS and over IPSec through internet, so far so good.

BTW, you didn't mentioned the configured mtu in your GRE Tunnel, so I assume you are using the default which is 1476.

However "ip mtu 1500" causes the packet to be defragmented. The router in the other end need to reassemble the gre tunnel packets before it can remove the gre tunnel header and forward it to inner packet. This process is done in process-switch mode and uses memory. For high end devices, this is almost unnoticed but for low end devices (and older models) with multiple gre tunnel configured you will notice the slow throughput performance. Fire up "cef" for better performance.

Regards,

Dandy

97
Views
0
Helpful
3
Replies