Configuring RSVP on DMVPN mGRE tunnels requires few extra steps and a little bit of calculations to figure out the additional overhead. Without correctly configured overhead, the mismatch between RSVP and available LLQ bandwidth can cause degraded VoIP call performance.
Tunnel Bandwidth
By default, the bandwidth value on the tunnel interfaces is set to a low value. Older IOS versions use 8 Kbps while some of the newer IOS versions use 100 Kbps. The idea behind setting such a low bandwidth value is to make it less preferred by routing protocols like EIGRP and OSPF that rely on bandwidth for metric calculation to prevent recursive routing.
A low bandwidth value set on a tunnel interface can cause RSVP problem. If RSVP is enabled on a tunnel interface, by default 75% of its bandwidth is reserved for RSVP. Eight kbps or 100 kbps is too small for any VoIP calls. Ensure that that the correct bandwidth of the underlying physical interface is manually set. It is very easy to miss that Tun2 only have 75 Kbps of reservable bandwidth, while Gi0/2 has 75 Mbps.
b-ro02#sh ip rsvp interface
interface rsvp allocated i/f max flow max sub max VRF
Gi0/0 ena 0 750M 750M 0
Gi0/2 ena 0 75M 75M 0
Tu2 ena 0 75K 75K 0
By default, the tunnel’s bandwidth is set to 100 Kbps.
b-ro02#sh int tun2 | i BW
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
Tunnel Overhead
Packets routed over a DMVPN tunnel have additional headers. Depending on the DMVPN configuration, these headers are IPSec and GRE headers. The original voice packets become encapsulated within these headers and tracked by the QoS service policy. For example a G.711 voice call with an 85 Kbps[1] rate incoming to the DMVPN router, leaves the tunnel interface at a 124 Kbps rate. The additional bandwidth that corresponds to DMVPN encapsulation somehow has to be tracked by RSVP. In IOS 15.0M, Cisco added the Tunnel Overhead feature. With this feature, RSVP can make a larger reservation just for the tunnel. By default, 4 percent overhead is added which is not enough for DMVPN. Based on internal lab testing, a DMVPN tunnel with IPSec in tunnel mode, adds a 55% overhead. Use this formula to calculate the overhead (see measurement values below):
RSVP_Rate + (DMVPN_Overhead) = DMVPN_Rate
RSVP_Rate + (RSVP_Rate * X_Overhead) = DMVPN_Rate
Example:
80 Kbps + (80Kbps * X_overhead) = 124 Kbps
X_Overhead = 0.55
Where,
- RSVP_Rate is the reserved rate of the voice call (G.711 = 80Kbps and G.729 = 24 Kbps).
- DMVPN_Overhead is the percent of overhead for the tunnel, calculated as RSVP_Rate * X_Overhead.
- DMVPN_Rate is the measured rate of voice calls encapsulated over the tunnel.
a-ro02(config)# interface tunnel2 a-ro02(config-if)# ip rsvp tunnel overhead-percent 55
1 Call | 2 Calls | 3 Calls | |
Ingress (Ethernet) | 85 Kbps | 171 Kbps | 256 Kbps |
Egress (DMVPN) | 124 Kbps | 248 Kbps | 372 Kbps |
Table 1 – Measured G.711 call on an Ethernet link vs a DMVPN Tunnel.
One call rate measurements:
Ingress Gi0/0 (Ethernet)
b-ro02#sh policy-map int gi0/0 in class llq-in | i offered rate
30 second offered rate 85000 bps, drop rate 0 bps
Egress Tunnel2 (mGRE over IPsec)
b-ro02#sh policy-map int gi0/2 out class llq-out | i offered rate
30 second offered rate 124000 bps, drop rate 0 bps
Two calls rate measurements:
Ingress Gi0/0 (Ethernet)
b-ro02#sh policy-map int gi0/0 in class llq-in | i offered rate
30 second offered rate 171000 bps, drop rate 0 bps
Egress Tunnel2 (mGRE over IPsec)
b-ro02# sh policy-map int gi0/2 out class llq-out | i offered rate
30 second offered rate 248000 bps, drop rate 0 bps
Three calls rate measurements:
Ingress Gi0/0 (Ethernet)
b-ro02#sh policy-map int gi0/0 in class llq-in | i offered rate
30 second offered rate 256000 bps, drop rate 0 bps
Egress Tunnel2 (mGRE over IPsec)
b-ro02# sh policy-map int gi0/2 out class llq-out | i offered rate
30 second offered rate 372000 bps, drop rate 72000 bps
b-ro02#sh ip rsvp interface
interface rsvp allocated i/f max flow max sub max VRF
Gi0/0 ena 240K[2] 750M 750M 0
Gi0/2 ena 372K 75M 75M 0
Tu2 ena 372K 500K 96K 0
Thank you so much for this post!!!
Michael, I’m curious are you running this for voip or some other application?