3 Replies Latest reply on Feb 20, 2013 1:01 PM by noor

    NV3458 max GRE over IP/SEC tunnels

    pebo New Member

      I have 44 NV3458 routers in branch offices coming into our HQ's NV3458 over 2 100MB fiber connections. It can not support all the offices if I try to setup individual GRE-IPSec tunnels (CPU maxs out).  Eth0/1 has 17 sub-interfaces and eth0/2 has a single IP address but will support 20 branches.

       

      Before I try splitting the offices between two NV3458s, is there a recommended maximum number of tunnels this router can handle or should I be looking for a different Adtran router that would handle the tunnels better?

        • Re: NV3458 max GRE over IP/SEC tunnels
          racolvin Employee

          GRE-IPsec tunnels are extremely CPU intensive and rapidly max a unit out. The best recommendation would be to use a NetVanta 4430 (with Enhanced Firmware) as your central-site device and leave the 3458's for the edges. The 4430 is our top-of-the-line unit and would be only one that has the potential to deal with all those tunnels in a single device but we cannot guarantee that.

           

          Unfortunately we have no answer to the "recommended maximum" question because the usage cases are different for every customer. A GRE-IPSec tunnel that is relatively quiet (low usage) has an entirely different CPU utilization profile than one that is moderately or heavily used and there's just no way for us to test and validate every case.

           

          So my best recommendation is the 4430 w/EFP and see how far it takes you, then supplement with a secondary unit later - either another 4430 and split the tunnels between them or use a spare 3458 for the few that the 4430 might not handle.

          • Re: NV3458 max GRE over IP/SEC tunnels
            levi Employee

            pebo:

             

            I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

             

            Levi

              • Re: NV3458 max GRE over IP/SEC tunnels
                Employee

                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                 

                Thanks,

                Noor