Transmit Discards on Tunnel Interface Cisco 2851

Similar Messages

• Transmit discards issue

  Hi
  Our monitoring tool (solar wind) is showing Transmit discards on the interface between border router ( ASR1004) and core switch (WS-C6509-E).
  But i don't see the error when i check the router or switch.
  NODE    INTERFACE        Rx_ERRORS    Rx_DISCARDS    Tx_ERRORS    Tx_DISCARDS
  Router    Te0/0/0 to Sw      0 error                 0 discards              0 error                28,757,546 discards
  Regards
  Logesh

  Hi
  Want to mention that we have configured few sub-interfaces too.
  border router#sh interface Ten 0/0/0
  TenGigabitEthernet0/0/0 is up, line protocol is up
    Hardware is SPA-1X10GE-L-V2, address is bc17.6579.e277 (bia bc17.6579.e277)
    Description: *te0/0/0* - *to coreswitch,te3/3*
    MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
       reliability 255/255, txload 20/255, rxload 20/255
    Encapsulation 802.1Q Virtual LAN, Vlan ID  1., loopback not set
    Keepalive not supported
    Full Duplex, 10000Mbps, link type is force-up, media type is 10GBase-SR/SW
    output flow-control is on, input flow-control is on
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/375/1238/1719 (size/max/drops/flushes); Total output drops: 2673209411
    Queueing strategy: Class-based queueing
    Output queue: 0/40 (size/max)
    30 second input rate 811050000 bits/sec, 197425 packets/sec
    30 second output rate 808476000 bits/sec, 197267 packets/sec
       5216106870671 packets input, 2735320776306911 bytes, 0 no buffer
       Received 542360263 broadcasts (0 IP multicasts)
       0 runts, 0 giants, 0 throttles
       0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
       0 watchdog, 1147197616 multicast, 0 pause input
       5211621651445 packets output, 2726859315982820 bytes, 0 underruns
       0 output errors, 0 collisions, 2 interface resets
       0 unknown protocol drops
       0 babbles, 0 late collision, 0 deferred
       0 lost carrier, 0 no carrier, 0 pause output
       0 output buffer failures, 0 output buffers swapped out

• DMVPN in Cisco 3945 output drop in tunnel interface

  I configured DMVPN in Cisco 3945 and checked the tunnel interface. I found out that I have output drop. How can I remove that output drop? I already set the ip mtu to 1400.
  CORE-ROUTER#sh int tunnel 20
  Tunnel20 is up, line protocol is up
    Hardware is Tunnel
    Description: <Voice Tunneling to HO>
    Internet address is 172.15.X.X./X
    MTU 17878 bytes, BW 1024 Kbit/sec, DLY 50000 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation TUNNEL, loopback not set
    Keepalive not set
    Tunnel source 10.15.X.X (GigabitEthernet0/1)
     Tunnel Subblocks:
        src-track:
           Tunnel20 source tracking subblock associated with GigabitEthernet0/1
            Set of tunnels with source GigabitEthernet0/1, 1 member (includes iterators), on interface <OK>
    Tunnel protocol/transport multi-GRE/IP
      Key 0x3EA, sequencing disabled
      Checksumming of packets disabled
    Tunnel TTL 255, Fast tunneling enabled
    Tunnel transport MTU 1438 bytes
    Tunnel transmit bandwidth 8000 (kbps)
    Tunnel receive bandwidth 8000 (kbps)
    Tunnel protection via IPSec (profile "tunnel_protection_profile_2")
    Last input 00:00:01, output never, output hang never
   --More--           Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 7487
    Queueing strategy: fifo
    Output queue: 0/0 (size/max)
    30 second input rate 0 bits/sec, 0 packets/sec
    30 second output rate 0 bits/sec, 0 packets/sec
       48007 packets input, 4315254 bytes, 0 no buffer
       Received 0 broadcasts (0 IP multicasts)
       0 runts, 0 giants, 0 throttles
       0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
       42804 packets output, 4638561 bytes, 0 underruns
       0 output errors, 0 collisions, 0 interface resets
       0 unknown protocol drops
       0 output buffer failures, 0 output buffers swapped out
  interface Tunnel20
   description <Bayantel Voice tunneling>
   bandwidth 30720
   ip address 172.15.X.X 255.255.255.128
   no ip redirects
   ip mtu 1400
   no ip next-hop-self eigrp 20
   no ip split-horizon eigrp 20
   ip nhrp authentication 0r1x@IT
   ip nhrp map multicast dynamic
   ip nhrp network-id 1002
   ip nhrp holdtime 300
   ip tcp adjust-mss 1360
   tunnel source FastEthernet0/0/1
   tunnel mode gre multipoint
   tunnel key 1002
   tunnel protection ipsec profile tunnel_protection_profile_2 shared

  Hi,
  Thanks for the input. If the radio is sending out the packet but client did not receive, not output drop should be seen since packet is sent out, right?
  From my understanding, output drop is related to congested interface. Outgoing interface cannot take the rate packets coming in and thus droping it. What I don't understand is input and output rate has not reached limit yet. Also input queue is seeing drop of packet as well even though input queue is empty.
  Any idea?

• How to create tunnel in cisco router

  Please give me command wise configuration about creating tunnel in router as:
  tunnel ip address:-
  destination ip
  source ip:-
  any other command

  Hello Sunil,
  I guess what Jed wants to stress is that prior to IOS 12.2(8)T, a tunnel interface would not go down even if the underlying physical connection would go down. As of IOS 12.2(8)T, you can configure keepalives on the tunnel interface, which cause the interface to go down when the keepalives are missed.
  Check this document for details:
  Cisco IOS Software Releases 12.2 T
  Generic Routing Encapsulation (GRE) Tunnel Keepalive
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cec.html
  As for the tunnel configuration itself, in addition to a basic GRE tunnel as mentioned in the post above, there are additional ways to configure a tunnel. In the links below, you find many configuration examples:
  Generic Routing Encapsulation (GRE)
  Introduction
  http://www.cisco.com/en/US/customer/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html
  IPSec Negotiation/IKE Protocols
  Configuration Examples and TechNotes
  http://www.cisco.com/en/US/customer/tech/tk583/tk372/tech_configuration_examples_list.html
  Regards,
  GNT

• 'no ip route-cache' on Tunnel interfaces

  Hi,
  A quick and hopefully simple question. Is there any reason why 'no ip route-cache' and 'no ip mroute-cache' should be configured on Tunnel interfaces?
  Generally, when should 'no ip route-cache' be configured on an interface?
  Many thanks,
  Andy

  Andy, no easy question, and prety much send some of us back to basics.. one have to take a deeper look at this command to barely get a good picture. See first link thread , good discussion on your question.. generaly no ip- route-catch improves performance for router forwarding processing desitions.
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
  You can find more details on three types of switching methods such as ( fast switching by ip route catch command ), I believe it helps understand better the commands.
  http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
  Another instance where you would have IP route catch enable on an interface would be for the use of netflow, IP route-cacth command on an interface is requirement for implementing netflow .
  Rgds
  -Jorge

• Where did these tunnel interfaces come from?!?

  Hello,
  just wondering why one of our routers creates tunnel interfaces dynamically.
  I was setting up a GRE tunnel to transport multicast traffic over network. After I was done, I found two extra tunnel interfaces with command show ip interfaces brief and those extra interfaces uses my original tunnel interface as their IP addresses. There is no any configuration regarding to these extra interfaces in running config. How did this happen? Any explanations? Is it relating somehow to my multicast solution?
  If I got two dynamically created tunnels does that mean that I have at least two concurrent multicast groups on my router in active state?
  Sorry for dummy questions but I have almost zero experience what comes for multicast and last time I studied it in school about 8 year ago...
  -JJ

  Hi,
  These are created dynamically, one to encapsulate multicast packets and the other one to decapsulate. You can see them with the command < show ip pim tunnel > . You can find the description and purpose of these tunnels here:
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710
  Hope this helps,
  Jose.

• Using Tunnel interface on Router

  Hi Everyone,
  I see hew Tunnel  interface on Router.
  Router is Running OSPF.
  It has no crypto statemets.
  tunnel configuration
  interface Tunnel1
  ip address 10.4.x.x x.x.x.x
  delay 7
  tunnel source Loopback1
  tunnel destination 10.4.x.x
  My question is when we use Tunnel interface without any crypto statemets?
  Thanks
  MAhesh

  This Tunnel is a plain GRE-Tunnel. These are typically used without crypto when:
  1) The traffic is not sent through an untrusted network and a cryptographic protection is not needed.
  2) The GRE-traffic gets encrypted on a separate device if the GRE-Endpoint is not capable of doing the needed cryptographic protection.
  Sent from Cisco Technical Support iPad App

• Monitoring tunnel interface traffic

  We've integrated WLSM with IDSM-2 and want to monitor wireless traffic terminating on tunnel interfaces. Can't find a way to configure SPAN or VACL on IOS 6500 to capture traffic. Any suggestions?

  Try this:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080459221.html

• Dynamic virtual tunnel interface on 2821

  I tried to configure a dynamic virtual tunnel interface on a Cisco 2821 with release 12.4(9)T1 advanced ip services, aiming to terminate VPN client ipsec tunnels on it.
  The feature is supported by this software release. Documentation says:
  - enter configuration
  - configure a virtual-template interface
  - type "tunnel mode <mode>"
  but the router does not accept this command.
  Any hint?
  Thank you in advance.
  Denis

  Try:
  just have to take a look at the concentrator's configuration.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801ae24c.shtml
  and this one is an example with routers
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080143b0a.shtml

• Cisco 2851 with 2-SFP ??

  Hi All,
  First of All wishing you all Very Happy new year!!!!
  I want to whether is it possible to connect 2-HWIC-SFP ( 1GB ) modules to Cisco 2851 Router ???

  Only one.   See below (Table 3).
  Cisco Gigabit Ethernet High-Speed WAN Interface Card

• High Transmit discards on 1131AG Access points.

  I am running a number of AP1131AG access points that are showing transmit discards in the millions each day on the dot11G radio.
  all of these AP's are configured to use WPA/PSK and TKIP. All are running IOS 12.3(8)JEA.
  I'm puzzled by this as I also have a number of older 1231G access points that do not have the same problem.
  Can anyone tell me what might be causing such a high number of discarded packets my 1131's

  Use the command on the AP "sh dot11 associations" will give you clients which have successfully associated.  If you add the client MAC address at the end of the command you'll get a detailed information.  Look under "Signal Strength" and "Signal to Noise".  Under Signal Strength you want a value of -75 dBm or lower (lower values the better).  -76 dBm and up is bad.  Under Signal to Noise, you want a value of 25 dBm or higher (higher values the better).
  For measuring signal strength I use Airmagnet but you can use Netstumbler or Cisco Wireless Site Survey.

• Mystery Tunnel Interfaces on 2921 Router

  Hi All,
  I need some help.
  For some reason it seems we have 3 Tunnel interfaces on the router, not sure how it got there but we are unable to delete them or configure them.
  They seem to take the loopback ip as source and if I delete the loopback interface it chooses another IP.
  Output from sh ip int brief, not sure where it gets those IP's from as well.
  Tunnel0                    172.16.0.1      YES unset  up                    up     
  Tunnel1                    172.16.0.1      YES unset  up                    up     
  Tunnel2                    172.16.0.1      YES unset  up                    up    
  See below when I try to enter interface config mode:
  Router1(config)#int tunnel 0
  % This interface cannot be modified
  Any suggestions or help will be appreciated.
  Regards
  Z

  Hi Zubair,
  this is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.
  you can find more info here:
  https://supportforums.cisco.com/docs/DOC-15782
  thanks,
  Fabrizio

• Dual stack on tunnel interface

  Is it possible to run dual stack IP schemes over an ipsec-protected tunnel interface on IOS? I am able to assign the IPv6 addresses like a normal interface on both ends however when i try to ping across the tunnel with IPv6 there is no response. Here is an example of my config:
  R1
  interface Tunnel0
   description Tunnel to R2
   ip address 172.30.1.237 255.255.255.252
   ip mtu 1400
   ip nat inside
   ip virtual-reassembly
   load-interval 30
   ipv6 address FE80::172:30:1:1 link-local
   ipv6 address 2001:1::172:30:1:1/126
   keepalive 5 4
   tunnel source GigabitEthernet0/1
   tunnel mode ipsec ipv4
   tunnel destination 1.2.3.4
   tunnel protection ipsec profile protect-gre
  R2
  interface Tunnel0
   description Tunnel to R1
   ip address 172.30.1.238 255.255.255.252
   ip mtu 1400
   ip nat inside
   ip virtual-reassembly
   load-interval 30
   ipv6 address 2001:1::172:30:1:2/126
   ipv6 address FE80::172:30:1:2 link-local
   keepalive 5 4
   tunnel source FastEthernet0/1
   tunnel destination 1.2.3.5
   tunnel mode ipsec ipv4
   tunnel protection ipsec profile protect-gre
  The only solution i can clearly see is running a separate tunnel, which i would like to avoid. Any assistance is greatly appreciated!

  Hello,
  In my System preferences the IPv6 settings are set to "automatic", my DSL router (Cisco 787) supports IPv6. When visiting sites like www.sixxs.net and www.apnic.org (which are reachable by both IPv6 and IPv4), some pages are reached by IPv6 and some by IP4. Even the same page may load in IPv6 first, but a second time via IPv4. This behaviour has changed since my upgrade to Leopard, under Tiger the behaviour was much more stable.
  Gerard

• DMVPN + IPSec protected VRFs; IPSec SAs established only on one tunnel interface

  Hello folks!
  I have a setup between two Cisco ISR routers, running IOS 15.1(4)M3. I have tried to establish DMVPN connectivity with two VRFs (ie. two tunnel interfaces per router) between the routers and it mostly seems to be working as I expected. But... IPSec SAs seem to get tied to only one of the tunnel interface, not two (one per direction) per tunnel interface as they should. There's no MPLS backbone in between the routers, only "global VRF", routed IP network.
  Command "show crypto ipsec sa" or indirectly a missing OSPF neighborhood between the routers verifies the erroneuous situation. Occasionally, after an "interface tunnel[ 0 or 1] shut, no shut" or "clear crypto sa" command I seem to get it up and running, two SAs per tunnel interface, but if I reboot either one of the routers or just clear the IPSec SA, they most likely will appear under either one of two tunnel interfaces. So, what should I change to instruct the router setup SAs correctly, two SAs (one per direction) per tunnel interface?
  I'll enclose appropriate parts of the configurations and output of command "show crypto ipsec sa".

  I think I figured it out, for anyone who might stumble across this post in the future. It looks like you need to add the shared keyword to the tunnel protection command. ie...
  interface tunnel 0
   tunnel protection ipsec profile MyProfile shared
  end
  I should note that one of the first things I tried was to created a separate IPSec profile for each unique tunnel interface. It ended up not fixing the problem and I had to go with the solution above. 

• Output errors, Transmit discards and big buffer errors on 1121 AP

  I have a AIR-AP1121G-A-K9 running c1100-k9w7-tar.123-7.JA2 (Autonomous)
  We have monitoring setup with Orion NPM and we consistently see output errors, Transmit discards and big buffer errors
  The users at the site have not reporting any issues but was wondering how to prevent these or are these normal?
  What causes the output errors on Wireless Radio ? How to troubleshoot further ?
  Radio0-802.11G
  Total Output Errors         0              47749
  Small Buffer Misses
  4 misses
  139 misses
  Medium Buffer Misses
  117 misses
  249 misses
  Big Buffer Misses
  62 misses
  8982 misses
  Dot11Radio0 is up, line protocol is up
  MTU 1500 bytes, BW 54000 Kbit, DLY 1000 usec,
       reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/479/0 (size/max/drops/flushes); Total output drops: 245980
  Queueing strategy: fifo
  Output queue: 0/30 (size/max)
  5 minute input rate 48000 bits/sec, 25 packets/sec
  5 minute output rate 34000 bits/sec, 22 packets/sec
       32482389 packets input, 2056095954 bytes, 0 no buffer
       Received 1622227 broadcasts, 0 runts, 0 giants, 0 throttles
       0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
       0 input packets with dribble condition detected
       44289160 packets output, 1268314927 bytes, 0 underruns
       47752 output errors, 0 collisions, 1 interface resets
       0 babbles, 0 late collision, 0 deferred
       0 lost carrier, 0 no carrier
       0 output buffer failures, 0 output buffers swapped out
  Thanks

  This is normal.
  Remember that wireless network is like a hub:  One talks and everyone stops to listen and waits for their turn.