Search this Blog

Sunday, June 5, 2011

How many number of GRE Tunnels are supported on Cisco 2811?

We are in planning phase of a network design, wherein it is required to setup a network comprising of Cisco 2811 as WAN edge routers. We need to understand that how many GRE and IPSec tunnels supported by this platform.

By default the Cisco 2811 supported 200 vpn connections with k9 bundle. If you want to use more than 200 connections then you need to insert additional AIM module. There is a finite resource limit to number of tunnels that can be supported, but you're much more likely to run into platform capacity/performance issues before you hit the limits of number of tunnels that can be defined. If fact, if your tunnel(s) will use Ethernet interfaces, one tunnel could be too much (as is the case with the FastEthernet interfaces too). NB: if the tunnel needs to fragment packets, this too will place additional load on the router.

IPSec tunnels further increase load, and if there are enough of them, the load of supporting key exchange, alone, can overtax the router, i.e. even without any user traffic passing across the tunnels. NB: BTW, if supporting IPSec, there might be a hardware option to enhance performance beyond what the on-board crypto module supports.

You can check Interface Descriptor Block (IDB) on the router by using a "show idb" command.

There are two main types of IDBs:
Hardware IDBs (HWIDBs)
Software IDBs (SWIDBs)

A tunnel interface(GRE) consumes an HWIDB plus one SWIDB per tunnel. So you can create as many as the software can handle. Just check it by using the command I told you.

Please click here for more information on Maximum Number of Interfaces and Sub interfaces for Cisco IOS Platforms: IDB Limits.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */