[VPN] IPSEC over load-shared T1s (per packet)
TSimons at Delphi-Tech.com
TSimons at Delphi-Tech.com
Thu Sep 18 09:07:49 EDT 2003
Hello All
Recently we doubled our internet bandwith to two T1s from the same provider
that terminate on in the same router on the NOC side.
We setup IP LOAD-SHARING PER-PACKET on each of the serial links on both
sides (NOC and Us) in order to get an aggregate 3.0mbit. PER-PACKET routing
alternates usage of the T1s, one for one...
Since then, VPN performance has taken a dive. Sniffing out traffic, ESP
packets are sent 3-4 times before they can be properly decrypted.
Someone along the way said that using PER-PACKET routing changes the CRC
value of the packets. Is this correct, has anyone else seen this issue? I
can't see how the CRC is changed, the hop count isn't changing, the lines
are identical, and they terminate in the same router, so the last hop is the
F0/0 interface of the router before getting to the firewall.
Thanks,
~Todd
__________________________________
Todd M. Simons
Senior MIS Engineer
Dell Tier 1 PA Technician
Delphi Technology, Inc.
New Brunswick, NJ
Note: The contents of this email do not constitute a legally binding
commitment.
More information about the VPN
mailing list