[Xorp-users] troubles with PIM-SM

Patrick Marc Preuss deathdealer@gmx.net
Sat, 25 Feb 2006 09:08:13 +0100


Hello Dorin,

Dorin Olarov said the following on 23.02.2006 21:49:
> Hello all,
>  
> Sorry for the long introduction, but I think a bit of a background is 
> necessary:
> I have a GRE tunnel going over a VPN and multicast+PIM-SM traffic 
> going through this GRE tunnel.
> The other side is a Cisco router, don't know exactly the model + IOS 
> release.
> All of this is fully operational on my side on a Cisco router as well, 
> with the following configuration:
> 2611XM with an AIM VPN/BP encryption module,  running 
> c2600-ik9o3s-mz.122-27.
Witch kind of VPN you are using? Lan-2-Lan
How is encryption handelt?
How is fragmentation handelt? Before IPsec or after ipsec
Can you mail a "show process cpu sorted" form the cisco?
What is running on the Cisco? Netflow, cef, etc.
Is the encryption aim enabled?
>  
> The problem is that the CPU usage is very high on the Cisco on my end.
> Even though the specs say this setup should handle up to 10Mbps of 
> encrypted traffic (with packets at near-MTU size),
> I get this high CPU usage at much lower traffic rates, as in 1 to 1.5Mbps.
Sounds the cisco is doing the encryption in software or you have a high 
fragementaion rate on the router
Have you access to other cisco ios versions? if yes can you try to use a 
release 12.4.xx
Than you can set "int e0/0" ip tcp mss-adjust 1350"
the problem on the ciscos is how fragmentation is handelt, before ipsec, 
gre or after maybe lower the mtu on the gre tunnel to 1350.

> Any suggestions?
>  
> Thank you,
> Dorin.
>  

regards
    Patrick Marc