New Member

route traffic over two IPSEC links for better stability.

Hi,

 

I have a question about quite a special setup.

 

I have a branch office in China and in the US, and a Headquarter in Europe.

 

The branch offices are connected to the Headquarter via IPSEC VPN.

Now the connection from China to Europe is really bad at times and multiple packet losses are occurring on the IPSEC tunnel from China to Europe.

We tried creating tunnels from China to US and essentially sending the traffic the other way around the globe which showed similar problems.

 

After investigating, I see that the connection is almost always OK on one of the connections, and therefore I would like to create two tunnels, send all traffic through both tunnels, and have the router discard the packets that arrive last or ignore those that don't arrive at all.

I'm familiar with the IP SLA way to do it, but since the conditions of the tunnels change rapidly I cannot create tracking to effectively choose one tunnel over the other.

 

So the question is: Is it possible to send the same traffic over multiple gateways/tunnels and accept the reply on whichever link is the most stable/fast at that particular moment?

 

Hope someone has any insight on this.

We don't have any Cisco routers yet, so we are prepared to buy what is needed.

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Sorry, nothing comes to mind for sending duplicate traffic, but from what you describe, often Internet tunnel drops can be mitigated by QoS bandwidth management on your devices.  Do you do this now?

Ok, you're familiar with IP SLA, does that include PfR?  I think I've read either the latest version of PfR (or soon to be version) will redirect traffic much quicker if it sees any performance issues.

5 REPLIES
New Member

Thanks for your answer. I will look into PfR. It looks like it might be what is needed to make IP SLA efficient enough for our use.

 

We are doing no QoS at the moment. It is interesting and actually logical that we might be able to solve the problem by simply applying some QoS that limits how much traffic is sent through the tunnels. But the internet connection is stable for all traffic within China so I'm not convinced this will do any good.

 

Thanks.

Super Bronze

Well, when it comes to QoS bandwidth management, as you mention you have two branches and one HQ, can the combination of the two branches' transmission rates exceed the HQ bandwidth and/or can HQ transmission rate exceed either branch? If so, that might be part of your stability issues.

Try another provider in China.

New Member

Thanks for your answer. I'll see if we can have another separate internet connection that might be more stable in regards to traffic destined for US and Europe.

 

Thanks.
