BW showing under Tunnel Interface
Hi,
I've been looking through our VPN Tunnel Interfaces and noticed all of them have the same BW of 9Kbit. Where is this figure derived from?
sh int tu17
Tunnel17 is up, line protocol is up
Hardware is Tunnel
Description: Tunnel to M
Internet address is 172.27.240.61/30
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 180/255, rxload 110/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel protocol/transport GRE/IP
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
It's a platform/IOS default. It can be changed using the interface bandwidth statement (on the tunnel interface).
Similar Messages
-
DMVPN + IPSec protected VRFs; IPSec SAs established only on one tunnel interface
Hello folks!
I have a setup between two Cisco ISR routers, running IOS 15.1(4)M3. I have tried to establish DMVPN connectivity with two VRFs (ie. two tunnel interfaces per router) between the routers and it mostly seems to be working as I expected. But... IPSec SAs seem to get tied to only one of the tunnel interface, not two (one per direction) per tunnel interface as they should. There's no MPLS backbone in between the routers, only "global VRF", routed IP network.
Command "show crypto ipsec sa" or indirectly a missing OSPF neighborhood between the routers verifies the erroneous situation. Occasionally, after an "interface tunnel[ 0 or 1] shut, no shut" or "clear crypto sa" command I seem to get it up and running, two SAs per tunnel interface, but if I reboot either one of the routers or just clear the IPSec SA, they most likely will appear under either one of two tunnel interfaces. So, what should I change to instruct the router setup SAs correctly, two SAs (one per direction) per tunnel interface?
I'll enclose appropriate parts of the configurations and output of command "show crypto ipsec sa".
I think I figured it out, for anyone who might stumble across this post in the future. It looks like you need to add the shared keyword to the tunnel protection command. ie...
interface tunnel 0
tunnel protection ipsec profile MyProfile shared
end
I should note that one of the first things I tried was to create a separate IPSec profile for each unique tunnel interface. It ended up not fixing the problem and I had to go with the solution above. -
Where did these tunnel interfaces come from?!?
Hello,
just wondering why one of our routers creates tunnel interfaces dynamically.
I was setting up a GRE tunnel to transport multicast traffic over network. After I was done, I found two extra tunnel interfaces with command show ip interfaces brief and those extra interfaces use my original tunnel interface as their IP addresses. There is no configuration regarding these extra interfaces in running config. How did this happen? Any explanations? Is it relating somehow to my multicast solution?
If I got two dynamically created tunnels does that mean that I have at least two concurrent multicast groups on my router in active state?
Sorry for dummy questions but I have almost zero experience when it comes to multicast and last time I studied it in school about 8 years ago...
-JJ
Hi,
These are created dynamically, one to encapsulate multicast packets and the other one to decapsulate. You can see them with the command < show ip pim tunnel > . You can find the description and purpose of these tunnels here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710
Hope this helps,
Jose. -
Transmit Discards on Tunnel Interface Cisco 2851
Hi, wondered if anyone could shed any light on this?
We have two 2851 routers at two separate branches that connect via a vpn tunnel back to the head office. When looking at the tunnel interface it shows a lot of transmit discards which are there constantly and increase as traffic levels go up.
I have read that this is due to congestion however we aren't using that much bandwidth at all.
one site has 100mb private circuit and the other has 10mb both of which are never more than 30% utilised
any thoughts?
thanks -
Netflow with tunnel interfaces
Hi I have a customer who is using tunnel interfaces with IPSEC on their WAN. They are collecting Netflow stats and exporting them to a server. Under the tunnel interface I have specified the bandwidth to be 1000. When I did not specify the bandwidth the tunnel speed came up on the management software as being 9kb. This was obviously not a true reflection when observing the data. The far end remote office is terminating via dsl and my question is should I specify the bandwidth under the tunnel interface to be closer to the dsl connection they have there ie 512k? There are many other tunnels coming from the main site and I have not configured Netflow on this particular remote end.
Hi Justin,
If we would define bandwidth on tunnel interface it will manipulate routing decisions also and tunnel recursion issue could also occur where tunnel would see that the best way to reach the destination is via tunnel itself. Besides that the actual bandwidth used by the tunnel is based on the physical interface associated with it. -
EEM Tracking two tunnel interfaces at the same time
Hi Everyone,
luckily i just got introduced to EEM lately, and i was wondering how life saver this would be in a lot of environments..
I am trying to write an EEM to monitor two out of three tunnel interfaces if they went down i'd like to perform an action on the third interface.
i went through online posts and saw there was "event track" under the EEM, but when i login to any of my routers i can't see this, i don't get the option track.
here is what i want to do..
monitor tunnel 100 and tunnel 200 - if the line protocol went down or there are no routing information received on them action is to unshut tunnel 300 and tunnel 400
thanks guys for help in advance
Hi,
Here is an example that does something similar:
track 10 interface Ethernet0/0 line-protocol
delay up 10
track 11 interface Ethernet0/1 line-protocol
delay up 10
track 12 interface Ethernet0/2 line-protocol
delay up 10
track 13 interface Ethernet0/3 line-protocol
delay up 10
track 19 list threshold percentage
object 10
object 11
object 12
object 13
threshold percentage down 51 up 100
event manager applet DOWN
event track 19 state down
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 2.0 cli command "int lo100"
action 2.1 cli command "shut"
action 9.0 syslog priority alerts msg "SWITCHOVER TRIGGER"
event manager applet UP
event track 19 state up
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 2.0 cli command "int lo100"
action 2.1 cli command "no shut"
action 9.0 syslog priority alerts msg "PREEMPT TRIGGER" -
Dual stack on tunnel interface
Is it possible to run dual stack IP schemes over an ipsec-protected tunnel interface on IOS? I am able to assign the IPv6 addresses like a normal interface on both ends however when i try to ping across the tunnel with IPv6 there is no response. Here is an example of my config:
R1
interface Tunnel0
description Tunnel to R2
ip address 172.30.1.237 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address FE80::172:30:1:1 link-local
ipv6 address 2001:1::172:30:1:1/126
keepalive 5 4
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel destination 1.2.3.4
tunnel protection ipsec profile protect-gre
R2
interface Tunnel0
description Tunnel to R1
ip address 172.30.1.238 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address 2001:1::172:30:1:2/126
ipv6 address FE80::172:30:1:2 link-local
keepalive 5 4
tunnel source FastEthernet0/1
tunnel destination 1.2.3.5
tunnel mode ipsec ipv4
tunnel protection ipsec profile protect-gre
The only solution i can clearly see is running a separate tunnel, which i would like to avoid. Any assistance is greatly appreciated!
Hello,
In my System preferences the IPv6 settings are set to "automatic", my DSL router (Cisco 787) supports IPv6. When visiting sites like www.sixxs.net and www.apnic.org (which are reachable by both IPv6 and IPv4), some pages are reached by IPv6 and some by IP4. Even the same page may load in IPv6 first, but a second time via IPv4. This behaviour has changed since my upgrade to Leopard, under Tiger the behaviour was much more stable.
Gerard -
Disappearing tunnel keepalives with tunnel interface in vrf
Dear all
I have an annoying problem with a gre tunnel using keepalives and the tunnel interface on the PE residing in a vrf.
The background for my setup is an ethernet WAN link to our customer where the interface doesn't go down when the link fails.
Therefore I want to use an gre tunnel with keepalive in order to use static routes.
The tunnel setup is as follows:
1. PE, 6509, Sup720, IOS 12.2(18)SXF7
interface FastEthernet8/13
ip address xx.yy.zz.241 255.255.255.252
speed 10
duplex full
no mop enabled
interface Tunnel813
ip vrf forwarding CUSTOMER
ip address 10.0.0.101 255.255.255.252
keepalive 5 3
tunnel source xx.yy.zz.241
tunnel destination xx.yy.zz.242
end
2. CE, 1803, IOS 12.4(15)T8
interface FastEthernet0
bandwidth 5000
ip address xx.yy.zz.242 255.255.255.252
speed 10
full-duplex
interface Tunnel0
ip address 10.0.0.102 255.255.255.252
keepalive 5 3
tunnel source xx.yy.zz.242
tunnel destination xx.yy.zz.241
The problem is PE sends and receives keepalives and brings up the tunnel. CE on the other hand sends but doesn't receive keepalives.
As far as I have learned from former discussions the problem comes from tunnel and physical interface belonging to different routing instances. If I put the tunnel interface on PE into the global routing instance all the keepalives reach their destinations as expected.
I read about a solution involving "tunnel vrf" on the tunnel configuration. This command is not present in my IOS version but AFAIK it is only necessary for having the underlying physical interface in a vrf as well.
Furthermore I read about "mls mpls tunnel-recir" but I am not sure whether this might solve the issue here. And equally important: Can I safely turn on this feature on a running system with quite a lot of vrf customers without any trouble?
Any hint and/or advice is greatly appreciated here.
Thanks a lot in advance,
Grischa
Wow, this is old, but...
While they may or may not be officially supported, GRE tunnels do work with vrf's if you both put the tunnel interface in the VRF AND the physical interface the tunnel runs over, AND use the tunnel vrf command. Then everything is in the same routing table and it works. For example:
PE:
vrf definition vrf1
rd 1:1
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
interface Ethernet0/0
vrf forwarding vrf1
ip address 192.168.1.1 255.255.255.0
interface Tunnel1
vrf forwarding vrf1
ip address 1.1.1.1 255.255.255.252
keepalive 1 3
tunnel source Ethernet0/0
tunnel destination 192.168.1.2
tunnel vrf vrf1
router bgp 12345
bgp log-neighbor-changes
address-family vpnv4
! Provider stuff - i.e., route reflector for MPLS network
exit-address-family
address-family ipv4 vrf vrf1
neighbor 1.1.1.2 remote-as 64512
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 default-originate
exit-address-family
CE:
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
interface Tunnel1
ip address 1.1.1.2 255.255.255.252
keepalive 1 3
tunnel source Ethernet0/0
tunnel destination 192.168.1.1
router bgp 64512
bgp log-neighbor-changes
! network statements perhaps
! redistribute static perhaps
neighbor 1.1.1.1 remote-as 12345
neighbor 1.1.1.1 update-source Tunnel1
neighbor 1.1.1.1 soft-reconfiguration inbound
Of course you don't need to run BGP, but you can. -
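Two fixes reported in these threads can be checked offline against a saved configuration: the "shared" keyword on "tunnel protection" from the DMVPN post, and the answer just above about keeping the tunnel's VRF, its source interface's VRF and "tunnel vrf" in the same routing table. The following is an added example, not code from either poster or from Cisco; the function names, finding labels and sample configuration are made up for illustration, and treating "shared" as needed when tunnels use the same source and the same profile is an assumption that goes beyond what the post states.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread; addresses are documentation
# ranges): two protected tunnels on one source, and a keepalive tunnel in a VRF.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel protection ipsec profile MyProfile
interface Tunnel1
 tunnel source GigabitEthernet0/0
 tunnel protection ipsec profile MyProfile shared
interface FastEthernet8/13
 ip address 198.51.100.241 255.255.255.252
interface Tunnel813
 ip vrf forwarding CUSTOMER
 keepalive 5 3
 tunnel source 198.51.100.241
"""

VRF_RE = r"(?:ip )?vrf forwarding (\S+)"

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or another top-level command ends the stanza
    return interfaces

def first_match(lines, pattern):
    """First capture group of the first line matching pattern, else None."""
    hits = (m.group(1) for m in (re.match(pattern, l) for l in lines) if m)
    return next(hits, None)

def audit_tunnels(config):
    """Return sorted (tunnel, issue) pairs for the two conditions checked."""
    ifaces = parse_interfaces(config)
    by_ip = {first_match(l, r"ip address (\S+) "): n for n, l in ifaces.items()}
    findings, groups = [], defaultdict(list)
    for name, lines in ifaces.items():
        source = first_match(lines, r"tunnel source (\S+)")
        if source is None:
            continue
        source = by_ip.get(source, source)  # source given as IP -> interface
        prot = first_match(lines, r"tunnel protection ipsec profile (.+)")
        if prot:
            profile, *flags = prot.split()
            groups[(source, profile)].append((name, "shared" in flags))
        if any(l.startswith("keepalive") for l in lines):
            # Second answer's condition: tunnel VRF, source-interface VRF and
            # "tunnel vrf" must all name the same routing table (None = global).
            overlay = first_match(lines, VRF_RE)
            transport = first_match(lines, r"tunnel vrf (\S+)")
            src_vrf = first_match(ifaces.get(source, []), VRF_RE)
            if not overlay == transport == src_vrf:
                findings.append((name, "keepalive-vrf-mismatch"))
    # Assumption: "shared" is needed when several tunnels use the same source
    # and the same IPsec profile, as in the DMVPN thread's two-tunnel setup.
    for members in groups.values():
        if len(members) > 1:
            findings += [(n, "missing-shared") for n, ok in members if not ok]
    return sorted(findings)

if __name__ == "__main__":
    for name, issue in audit_tunnels(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

The parser expects sub-commands indented under each "interface" line, as in a real "show running-config"; the flattened listings on this page would need their indentation restored first.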
DMVPN in Cisco 3945 output drop in tunnel interface
I configured DMVPN in Cisco 3945 and checked the tunnel interface. I found out that I have output drop. How can I remove that output drop? I already set the ip mtu to 1400.
CORE-ROUTER#sh int tunnel 20
Tunnel20 is up, line protocol is up
Hardware is Tunnel
Description: <Voice Tunneling to HO>
Internet address is 172.15.X.X./X
MTU 17878 bytes, BW 1024 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.15.X.X (GigabitEthernet0/1)
Tunnel Subblocks:
src-track:
Tunnel20 source tracking subblock associated with GigabitEthernet0/1
Set of tunnels with source GigabitEthernet0/1, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport multi-GRE/IP
Key 0x3EA, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1438 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "tunnel_protection_profile_2")
Last input 00:00:01, output never, output hang never
--More-- Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 7487
Queueing strategy: fifo
Output queue: 0/0 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
48007 packets input, 4315254 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
42804 packets output, 4638561 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
interface Tunnel20
description <Bayantel Voice tunneling>
bandwidth 30720
ip address 172.15.X.X 255.255.255.128
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 20
no ip split-horizon eigrp 20
ip nhrp authentication 0r1x@IT
ip nhrp map multicast dynamic
ip nhrp network-id 1002
ip nhrp holdtime 300
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0/1
tunnel mode gre multipoint
tunnel key 1002
tunnel protection ipsec profile tunnel_protection_profile_2 shared
Hi,
Thanks for the input. If the radio is sending out the packet but client did not receive, no output drop should be seen since packet is sent out, right?
From my understanding, output drop is related to congested interface. Outgoing interface cannot take the rate packets coming in and thus dropping it. What I don't understand is input and output rate has not reached limit yet. Also input queue is seeing drop of packet as well even though input queue is empty.
Any idea? -
Photoshop CC2014 running under window 8.1. How do I access mini bridge. It does not show under FILE or WINDOW-EXTENSIONS. Works ok with CS6
Photoshop: Spring Cleaning | PHOTOSHOP.COM BLOG
-
Hi, I am using my icloud on my iphone but am unable to find it on my mac book pro. It's not under my system preferences like it shows under the setup. Can I download it again? Or something. I just need to backup some files on my computer and am unable.
The minimum requirement for iCloud is Lion 10.7.5 (Mavericks preferred): the iCloud Preference Pane does not appear on earlier systems - the MobileMe pane appears on Lion and earlier but is now non-functional - you cannot now open or access a MobileMe account.
To make use of iCloud you will have to upgrade your Mac to Lion or Mavericks, provided it meets the requirements.
The requirements for Lion are:
Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor
2GB of memory
OS X v10.6.6 or later (v10.6.8 recommended)
7GB of available space
Lion is available in the Online Apple Store ($19.99). Mountain Lion (10.8.x) is also available there at the same price but there seems little point as the system requirements are the same for Mavericks (10.9.x) - which is free - unless you need to run specific software which will run on Mountain Lion only.
The requirements for Mountain Lion and Mavericks are:
OS X v10.6.8 or later
2GB of memory
8GB of available space
and the supported models are:
iMac (Mid 2007 or newer)
MacBook (Late 2008 Aluminum, or Early 2009 or newer)
MacBook Pro (Mid/Late 2007 or newer)
Xserve (Early 2009)
MacBook Air (Late 2008 or newer)
Mac mini (Early 2009 or newer)
Mac Pro (Early 2008 or newer)
It is available from the Mac App Store (in Applications).
You should be aware that PPC programs (such as AppleWorks) will not run on Lion or above; and some other applications may not be compatible - there is a useful compatibility checklist at http://roaringapps.com/apps:table -
I need help from some Apple people. I have an iPod Touch and I wanted to load it up with some fresh music but I currently don't have a PC. I found an app that would allow me to connect to my 2TB network drive directly and I was able to transfer a bunch of music files to the iPod. Unfortunately, these new files do not show under the Music app and I can't seem to find any way to convince the iPod that they are music. I can play them through the file manager only. Android doesn't have this problem, any music I put on my phone is recognized as music and can be played through any of the music apps. Am I missing something or is Apple to inflexible to handle this?
You can't. The only way to get songs in the Music app is to sync from a computer or to download from iTunes.
-
I just purchased an ipad. When I plug it in to my computer it won't show under devices in itunes. I already have itunes set up for my ipod touch. I just want to share the music etc thats already there with both devices. How do I get my computer to recognize that the ipad is there?
The latest model requires iTunes 10.7 or higher. Check iTunes to make sure you're running a compatible version. If so, see:
iOS device not recognized in iTunes for Mac
iOS device not recognized in iTunes for Windows -
I have the newest version of the iPad and can not see it under devices in my iTunes account on my PC. I can however see my iPod touch under devices and sync it. How can I get my iPad to show under devices and sync as well? I have also tried may suggestions on the apple support site and none have worked. Any suggestions are welcome.
You need iTunes version 11+.
iPad not appearing in iTunes
http://www.apple.com/support/ipad/assistant/itunes/
iOS: Device not recognized in iTunes for Mac OS X
http://support.apple.com/kb/TS1591
iOS: Device not recognized in iTunes for Windows
http://support.apple.com/kb/TS1538
How to restart the Apple Mobile Device Service (AMDS) on Windows
http://support.apple.com/kb/TS1567
IOS: Syncing with iTunes
http://support.apple.com/kb/HT1386
Apple - Support - iPad - Syncing
http://www.apple.com/support/ipad/syncing/
Cheers, Tom -
Looking for a better solution that tunnel interface
Hi
actually I have a Vsat connection between my remote site and central office
on both site we have router and sat modem
I have now a tunnel interface between my two routers, I am looking for a better idea,
hi...
so you have tunnel interface between your two router so now what are you looking for...?
secure IPsec connection or what???
please explain in details
regards
Devang