Any ideas what the limitations are on number of GRE over VPN tunnels a 1335 can support. I am currently doing about 9 with OSPF on the GRE tunnels and the processor runs at about 80% utilization and the process that is consuming the most is packet routing process at about 50-60% of the processing power.
OSPF, GRE, and IPSEC are all processor-intensive functions and when combined they're even worse. Unfortunately there are no hard and fast rules about this sort of thing, since everyone's network will be different. We have no way of testing all the various scenario's, so we end up with some generalities.
Given what you've described I would generally say to stop at 5 GRE w/IPSEC tunnels and OSPF in a 1335, in order to leave some headroom in the CPU for spikes of activity. Going up to 9-15 tunnels like that you would want a unit with a more robust processor, perhaps a NetVanta 3430 but even then I wouldn't exceed 15 in that unit.
Regards,
Ronnie Colvin
Adtran Applications Engineering
OSPF, GRE, and IPSEC are all processor-intensive functions and when combined they're even worse. Unfortunately there are no hard and fast rules about this sort of thing, since everyone's network will be different. We have no way of testing all the various scenario's, so we end up with some generalities.
Given what you've described I would generally say to stop at 5 GRE w/IPSEC tunnels and OSPF in a 1335, in order to leave some headroom in the CPU for spikes of activity. Going up to 9-15 tunnels like that you would want a unit with a more robust processor, perhaps a NetVanta 3430 but even then I wouldn't exceed 15 in that unit.
Regards,
Ronnie Colvin
Adtran Applications Engineering
So what would be the suggested router to accomplish up to 10 connections and have room for 20 total. Would a 4430 be able to handle this.
For growth up to 20 GRE w/IPSEC and OSPF, I would definitely recommend the 4430. It would be the only one with the horsepower to deal with the encryption and the OSPF with GRE and still be able to do everything else it needs to do (I'm guessing there's firewall going on, possibly QoS/traffic shaping, etc)
We are doing VOIP across so yes QOS and traffic shaping.
I went ahead and flagged this post as “Assumed
Answered.” If any of the responses on this thread assisted you, please
mark them as either Correct or Helpful answers with the applicable
buttons. This will make them visible and help other members of the
community find solutions more easily as well as award points to the users that
helped you. If you still need assistance, I would be more than happy to
continue working with you on this - just let me know in a reply.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi