cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

     Any ideas what the limitations are on number of  GRE over VPN tunnels a 1335 can support.  I am currently doing about 9 with OSPF on the GRE  tunnels and the processor runs at about 80% utilization and the process that is consuming the most is packet routing process at about 50-60% of the processing power.

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

OSPF, GRE, and IPSEC are all processor-intensive functions and when combined they're even worse. Unfortunately there are no hard and fast rules about this sort of thing, since everyone's network will be different. We have no way of testing all the various scenario's, so we end up with some generalities.

Given what you've described I would generally say to stop at 5 GRE w/IPSEC tunnels and OSPF in a 1335, in order to leave some headroom in the CPU for spikes of activity. Going up to 9-15  tunnels like that you would want a unit with a more robust processor, perhaps a NetVanta 3430 but even then I wouldn't exceed 15 in that unit.

Regards,

Ronnie Colvin

Adtran Applications Engineering

View solution in original post

0 Kudos
6 Replies
Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

OSPF, GRE, and IPSEC are all processor-intensive functions and when combined they're even worse. Unfortunately there are no hard and fast rules about this sort of thing, since everyone's network will be different. We have no way of testing all the various scenario's, so we end up with some generalities.

Given what you've described I would generally say to stop at 5 GRE w/IPSEC tunnels and OSPF in a 1335, in order to leave some headroom in the CPU for spikes of activity. Going up to 9-15  tunnels like that you would want a unit with a more robust processor, perhaps a NetVanta 3430 but even then I wouldn't exceed 15 in that unit.

Regards,

Ronnie Colvin

Adtran Applications Engineering

0 Kudos
Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

So what would be the suggested router to accomplish up to 10 connections and have room for 20 total.  Would a 4430 be able to handle this.

Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

For growth up to 20 GRE w/IPSEC and OSPF, I would definitely recommend the 4430. It would be the only one with the horsepower to deal with the encryption and the OSPF with GRE and still be able to do everything else it needs to do (I'm guessing there's firewall going on, possibly QoS/traffic shaping, etc)

Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

We are doing VOIP across so yes QOS and traffic shaping.

Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

I went ahead and flagged this post as “Assumed
Answered.”  If any of the responses on this thread assisted you, please
mark them as either Correct or Helpful answers with the applicable
buttons.  This will make them visible and help other members of the
community find solutions more easily as well as award points to the users that
helped you.  If you still need assistance, I would be more than happy to
continue working with you on this - just let me know in a reply.

Anonymous
Not applicable

Re: High CPU Utilization on 1335 when using GRE over VPN

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi