05-18-2002 02:21 PM - edited 02-21-2020 11:45 AM
I have a 2621 router that terminates 2 T1 links with per packet load sharing on my outbound connections.
I would like to implement IPSec tunnels that terminate on these routers, and have the traffic load shared between the two links.
Though, I have heard that IPSec does not like load sharing and it either may not work, or will just prefer one link and not share the two links.
I need clarification as I have heard both sides, one saying that it will load share, and the other saying it won't.
If I'm not able to, would terminating the IPSec tunnels behind the router solve anything?
Theoretically, I can't see why this would not work.
Thanks.
05-18-2002 04:37 PM
Normally what I do in this scenario is form a gre tunnel between the ipsec peers, and then ipsec protect it. The gre tunnel source and destination is based on the routers loopbacks. The route to the peer loopback is thru the
the 2 T1 lines, either by static route or thru some routing protocol. Then enable
per packet load sharing on the t1 interfaces. So the ipsec traffic actually gets
load balanced across the 2 T1 links.
05-21-2002 05:39 AM
Hi,
I am really interesting with this scenario, any information that this solution has been proved on the field ? Definitely as soon as I have time, will test this on the lab for performance, caveats, etc.
Appreciate for any insight
05-22-2002 12:35 AM
I've got the same scenario running on one of my customer sites. You also have to take into account if your ISP is able to do per packet load sharing, so
you have load sharing inbound as well. The config I have suggested would give you an outbound load sharing.
05-24-2002 07:17 PM
Thanks. The ISP is not doing per packet load balancing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide