
New Member

ESP & UDP/500 Across Separate Links

Posted this in the VPN section - apologize in advance for cross posting, but I'm kind of in a bind.

We've been pushing tons of replication traffic lately through a VPN, and have been using a route map to direct that traffic specifically to an OC3 (before that, it completely saturated one of our DS3's). We have 4 tunnels total, and only the tunnel used for replication across the OC3 seems to be having issues. It's been sporadic, but when it drops the only way to fix it is to clear the SA. It's possible that the OC3 might actually be throttled down (when it's hammered, BW charts show it flatlining at around 85-90mb but never anything higher).

I'm thinking, though, if maybe UDP/500 is caught up somewhere during congestion while trying to rekey & causing the tunnel to drop. What are your thoughts on creating another route-map & directing only UDP/500 across a known good link, while still riding ESP across the bigger OC3?

2 REPLIES
Hall of Fame Super Blue

Re: ESP & UDP/500 Across Separate Links

droeun141 wrote:

Posted this in the VPN section - apologize in advance for cross posting, but I'm kind of in a bind.

We've been pushing tons of replication traffic lately through a VPN, and have been using a route map to direct that traffic specifically to an OC3 (before that, it completely saturated one of our DS3's). We have 4 tunnels total, and only the tunnel used for replication across the OC3 seems to be having issues. It's been sporadic, but when it drops the only way to fix it is to clear the SA. It's possible that the OC3 might actually be throttled down (when it's hammered, BW charts show it flatlining at around 85-90mb but never anything higher).

I'm thinking, though, if maybe UDP/500 is caught up somewhere during congestion while trying to rekey & causing the tunnel to drop. What are your thoughts on creating another route-map & directing only UDP/500 across a known good link, while still riding ESP across the bigger OC3?

Well, it's worth a try. It's not going to break anything as long as the 2 endpoints are still the same, and they will be. The only other thing you could do is look to use QoS to prioritise the UDP 500 traffic, but if you have another link that can be used I would try that first. Obviously make sure you apply the PBR on the other end as well so the same link is used for return traffic on the UDP 500 port.

Jon
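
A sketch of the policy routing discussed above, as an added example that is not part of the original thread. All addresses, interface names and route-map/ACL names are constructed placeholders (RFC 5737 documentation ranges), and it assumes IKE runs on UDP/500 without NAT-T.

```cisco
! Constructed example. Placeholder values, not taken from the thread:
!   192.0.2.1     local VPN endpoint
!   198.51.100.1  remote VPN endpoint
!   203.0.113.1   next hop reached over the known-good link
!
! Match only IKE (UDP/500) between the two tunnel endpoints.
! ESP (IP protocol 50) is not matched, so it keeps following the
! existing path over the OC3.
ip access-list extended IKE-ONLY
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
!
route-map IKE-VIA-GOOD-LINK permit 10
 match ip address IKE-ONLY
 set ip next-hop 203.0.113.1
!
! Case 1: the VPN endpoint is a separate device behind this router,
! so IKE is transit traffic. Apply PBR on the interface facing it.
! An interface takes only one policy route-map: if one is already
! applied there, add the IKE match as an earlier sequence in that
! route-map instead of applying a second one.
interface GigabitEthernet0/1
 ip policy route-map IKE-VIA-GOOD-LINK
!
! Case 2: this router terminates the tunnel itself, so IKE is locally
! generated and interface PBR never sees it. Use local policy routing.
ip local policy route-map IKE-VIA-GOOD-LINK
!
! Mirror the same policy on the remote end (source and destination
! swapped) so return UDP/500 traffic uses the same link.
!
! Checks after applying:
!   show route-map IKE-VIA-GOOD-LINK   (match counters should increase at rekey)
!   show ip policy
!   show crypto isakmp sa
```

If NAT-T is in use, IKE and ESP both move to UDP/4500 and an ACL on UDP/500 alone will not separate them.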

New Member

Re: ESP & UDP/500 Across Separate Links

Will give it a go... thanks!
