Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
2
Replies

ESP & UDP/500 Across Seperate Links

droeun141
Level 1
Level 1

‎04-14-2010 11:38 AM - edited ‎03-04-2019 08:09 AM

Posted this in the VPN section - apologize in advance for cross posting, but I'm kind of in a bind.

We've been pushing tons of  replication traffic lately through a VPN, and have been using a route  map to direct that traffic specifically to an OC3 (before that, it  completely saturated one of our DS3's) .  We have 4 tunnels total, and  only the tunnel used for replication across the OC3 seems to be having  issues.  It's been sporadic, but when it drops the only way to fix it is  to clear the SA.  It's possible that the OC3 might actually be  throttled down (when it's hammered, BW charts show it flatlining at  around 85-90mb but never anything higher).

I'm thinking, though, if maybe  UDP/500 is caught up somewhere during congestion while trying to rekey &  causing the tunnel to drop.  What are your thoughts on creating another  route-map & directing only UDP/500 across a known good link, while still  riding ESP across the bigger OC3?

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎04-14-2010 11:41 AM 

droeun141 wrote:
Posted this in the VPN section - apologize in advance for cross posting, but I'm kind of in a bind.
We've been pushing tons of  replication traffic lately through a VPN, and have been using a route  map to direct that traffic specifically to an OC3 (before that, it  completely saturated one of our DS3's) .  We have 4 tunnels total, and  only the tunnel used for replication across the OC3 seems to be having  issues.  It's been sporadic, but when it drops the only way to fix it is  to clear the SA.  It's possible that the OC3 might actually be  throttled down (when it's hammered, BW charts show it flatlining at  around 85-90mb but never anything higher).
I'm thinking, though, if maybe  UDP/500 is caught up somewhere during congestion while trying to rekey &  causing the tunnel to drop.  What are your thoughts on creating another  route-map & directing only UDP/500 across a known good link, while still  riding ESP across the bigger OC3?

Well it's worth a try. It's not going to break anything as long as the 2 endpoints are still the same and they will be. The only other thing you could is look to use QOS to prioritise the UDP 500 traffic but if you have another link that can be used i would try that first. Obviously make sure you apply the PBR on the other end as well so the same link is used for return traffic on the UDP 500 port.

Jon

0 Helpful

droeun141
Level 1
Level 1
In response to Jon Marshall

‎04-14-2010 11:48 AM

Will give it a go... thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card