: Tunnel Acceleration for GRE, VXLAN, and GTP-U Tunnels
Focus
Focus

Tunnel Acceleration for GRE, VXLAN, and GTP-U Tunnels

Table of Contents
End-of-Life (EoL)

Tunnel Acceleration for GRE, VXLAN, and GTP-U Tunnels

Disable tunnel acceleration for GRE, VXLAN, or GTP-U tunnels to troubleshoot and for other reasons.
By default, supported firewalls now perform tunnel acceleration to improve performance and throughput for traffic going through generic route encapsulation (GRE) tunnels, virtual extensible local area network (VXLAN) tunnels, and General Packet Radio Service Tunnel Protocol for User Data (GTP-U) tunnels. Tunnel acceleration provides hardware offloading to reduce the time it takes to perform flow lookups and allows the tunnel traffic to be distributed more efficiently based on the inner traffic.
  • GRE and VXLAN tunnel acceleration—Supported on PA-3200 Series firewalls and PA-7000 Series firewalls with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B.
  • GTP-U tunnel acceleration—Supported on only PA-7000 Series firewalls with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B. GTP must be enabled for GTP-U tunnel acceleration to occur. GTP-U tunnel acceleration is very useful for narrowband IoT (NB-IoT) traffic.If you configure a Tunnel Content Inspection policy rule for a firewall to inspect GTP-U packets in a tunnel, you should disable GTP-U tunnel acceleration.
Tunnel acceleration is enabled by default on the supported firewall models. You can disable tunnel acceleration to troubleshoot or if you are using a Tunnel Content Inspection policy rule to inspect GTP-U packets in a tunnel. Perform the following task to disable tunnel acceleration.
  1. Select DeviceSetupManagement and edit General Settings.
  2. Deselect Tunnel Acceleration.
  3. Click OK.
  4. Commit.
  5. Reboot the firewall.
  6. Verify status of tunnel acceleration.
    1. Access the CLI.
    2. > show tunnel-acceleration
      System output is Enabled or Disabled. Additional status and reason for GTP-U only:
      • Disabled—GTP-U tunnel acceleration is not supported on firewall model or GTP Security is disabled.
      • Error (TCI with GTP-U configured unexpectedly)—TCI with GTP-U protocol is configured when Tunnel Accelection is enabled.
      • Enabled—Tunnel Acceleration is enabled; GTP-U Tunnel Acceleration is not running yet. GTP Security is enabled, but yet to reboot.
      • Installed—GTP-U Tunnel Acceleration is running.