cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
buckaroo
New Contributor

IPSec/GRE Tunnel between multiple NetVanta 3120 and a NetVanta 3448 (both Enhanced Feature Set) - bandwidth restricted to 1.4mbps?

Jump to solution

The Background:

I have a WAN consisting of a hub site at a hosted Data Center with a 75mbps symmetrical Fiber line from Charter, and multiple branches with different internet types - one provided by a major university's network (many GB of bandwidth), several Charter 200/7 and 100/4 Cable Internet, and two HTC DSL (one 80/7, one 20/2). All sites have static addresses. The Data Center has a NetVanta 3448 w/Enhanced Feature Set, all hub sites have NetVanta 3120 w/EFS - except one, which has a NetVanta 3448 w/EFS. Firmware version on all is R11.6 or R11.7.

The branches are all connected to the Data Center using GRE Tunnels with MTU set at 1400. In turn the GRE tunnels are sent through VPN/IPSec encryption.

The Good News:

Everything is working fine. RIPv2 routing across the tunnels works, traffic is passed all around, every branch can communicate with the data center and every other branch. Each Branch location has NAT set up to provide local Internet, but route WAN traffic across the tunnel. The Data Center router does not have NAT turned on, as it routes its Internet out through a content filter, but each VPN/GRE endpoint has a static route entry pointing to the ISP's gateway.

The Bad News:

My problem is that all of the branches using 3120s seem to be limiting incoming bandwidth to 1.4mbps, as shown via MRTG. When transferring data from the Data Center (75mbps outbound) to a branch (100mbps inbound) I'm still only getting 1.4mbps through the tunnel. Non-tunnel traffic, which is to say Internet traffic, is going up to the 100mbps limit imposed by the lack of Gigabit ports on the router - but traffic going through the tunnel is limited to 1.4mbps. I can find nothing in the configuration limiting the bandwidth.

SHOW INTERFACE TUNNEL 40 returns:

tunnel 40 is UP

  IP address 10.0.40.2, netmask 255.255.255.0

  IP MTU 1400 bytes

  BW 100000 Kbit

  Description: Downtown Branch

  Tunnel mode GRE, keepalive enabled (10 seconds, 3 retries)

  Tunnel source <Branch Public IP>, destination <Data Center Public IP>

  Key: 40, packet checksumming disabled, sequencing disabled

  Last clearing of "show interface" counters: never

    2433734 packets input, 1289254400 bytes

    1552739 packets output, 315477558 bytes

    0 rx broadcast pkts, 0 tx broadcast pkts

The tunnel to the one branch with a 3448 is not so limited and went over 16mbps the first time I put that much load on it.

My Worry:

Is the 3120 just not capable of handling a tunnel at more than 1.4mbps? This would be seriously bad news for me, as we've already purchased 28 of them, and have 8 currently configured for VPN tunnels and 20 standing by for a network reconfiguration from MPLS to Internet/VPN.

Please let me know if you need complete configurations or any other details.

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: IPSec/GRE Tunnel between multiple NetVanta 3120 and a NetVanta 3448 (both Enhanced Feature Set) - bandwidth restricted to 1.4mbps?

Jump to solution

Unfortunately, according to the AOS Feature Matrix - Product Feature Matrix the 3120 is only does 1 Mb/s when doing all IPsec traffic. If you look at the performance statistics it gives all the throughput capabilities of all the products.

View solution in original post

0 Kudos
2 Replies
Anonymous
Not applicable

Re: IPSec/GRE Tunnel between multiple NetVanta 3120 and a NetVanta 3448 (both Enhanced Feature Set) - bandwidth restricted to 1.4mbps?

Jump to solution

Unfortunately, according to the AOS Feature Matrix - Product Feature Matrix the 3120 is only does 1 Mb/s when doing all IPsec traffic. If you look at the performance statistics it gives all the throughput capabilities of all the products.

0 Kudos

Re: IPSec/GRE Tunnel between multiple NetVanta 3120 and a NetVanta 3448 (both Enhanced Feature Set) - bandwidth restricted to 1.4mbps?

Jump to solution

Yikes. Well, that's disappointing, but not soul-crushing. Just need to see if I can swap the 3120s for 3140s. I looked for something exactly like this document when I was getting ready for this project and couldn't find it. Thanks for your help.