route traffic over two IPSEC links for better stability.

martintmadsen
Level 1

Hi,

I have a question about quite a special setup.

I have a branch office in China and in the US, and a Headquarter in Europe.

The branch offices are connected to the Headquarter via IPSEC VPN.

Now the connection from China to Europe is really bad at times and multiple packet losses are occurring on the IPSEC tunnel from China to Europe.

We tried creating tunnels from China to US and essentially sending the traffic the other way around the globe which showed similar problems.

After investigating I see that the connection is almost always ok on one of the connections and therefore I would like to create two tunnels and send all traffic through both tunnels and have the router discard the packets that are arriving last or ignore those that don't arrive at all.

I'm familiar with the IP SLA way to do it, but since the conditions of the tunnels change rapidly I cannot create tracking to effectively choose one tunnel over the other.

So the question is: Is it possible to send the same traffic over multiple gateways/tunnels and accept the reply on whichever link is the most stable/fast at that particular moment?

Hope someone has any insight on this.

We don't have any Cisco routers yet so we are prepared to buy what is needed.

Accepted Solutions

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Sorry, nothing comes to mind for sending duplicate traffic, but from what you describe, often Internet tunnel drops can be mitigated by QoS bandwidth management on your devices.  Do you do this now?

Ok, you're familiar with IP SLA, does that include PfR?  I think I've read either the latest version of PfR (or soon to be version) will redirect traffic much quicker if it sees any performance issues.

Thanks for your answer. I will look into PfR. It looks like it might be what is needed to make IP SLA efficient enough for our use.

We are doing no QoS at the moment. It is interesting and actually logical that we might be able to solve the problem by simply applying some QoS that limits how much traffic is sent through the tunnels. But the internet connection is stable for all traffic within China so I'm not convinced this will do any good.

Thanks.

Posting

Well, when it comes to QoS bandwidth management, as you mention you have two branches and one HQ, can the combination of the two branches' transmission rates exceed the HQ bandwidth and/or can HQ transmission rate exceed either branch? If so, that might be part of your stability issues.

Tagir Temirgaliyev
Spotlight

Try another provider in China.

Thanks for your answer. I'll see if we can have another separate internet connection that might be more stable in regards to traffic destined for US and Europe.

Thanks.
