[fw-wiz] IPSEC over load-shared T1s (per packet)

• Previous message: George Capehart: "Re: [fw-wiz] Stop using dorkslayers.com RBLs now"
• Next in thread: Ben Nagy: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Reply: Ben Nagy: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: Pano Xinos: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Wed, 17 Sep 2003 21:38:23 -0400

Hello All

Recently we doubled our internet bandwith to two T1s from the same provider
that terminate on in the same router on the NOC side.

We setup IP LOAD-SHARING PER-PACKET on each of the serial links on both
sides (NOC and Us) in order to get an aggregate 3.0mbit. PER-PACKET routing
alternates usage of the T1s, one for one...

Since then, VPN performance has taken a dive. Sniffing out traffic, ESP
packets are sent 3-4 times before they can be properly decrypted.

Someone along the way said that using PER-PACKET routing changes the CRC
value of the packets. Is this correct, has anyone else seen this issue? I
can't see how the CRC is changed, the hop count isn't changing, the lines
are identical, and they terminate in the same router, so the last hop is the
F0/0 interface of the router before getting to the firewall.

Thanks,
~Todd

__________________________________
Todd M. Simons
Senior MIS Engineer
Dell Tier 1 PA Technician
Delphi Technology, Inc.
New Brunswick, NJ

Note: The contents of this email do not constitute a legally binding
commitment.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: George Capehart: "Re: [fw-wiz] Stop using dorkslayers.com RBLs now"
• Next in thread: Ben Nagy: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Reply: Ben Nagy: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Maybe reply: Pano Xinos: "RE: [fw-wiz] IPSEC over load-shared T1s (per packet)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Any ideas how to start this? ... One of my friends has child who he wold like to terminate from the wireless ... The Router settings allow him to ... It seems to me that any Router that allowed such programmatic settings ... (microsoft.public.vb.winapi) Re: rookie VPN OWA question ... but I'm sure that Routing and Remote Access will take the ... I could terminate at the router and be on the network that I could ... access OWA in the same fashion that I would if I was on the inside, ... (microsoft.public.backoffice.smallbiz2000) Re: ICF with router ... >> Firewall is for use ONLY on a direct connection to the Internet, ... > protection like the router does. ... > you to terminate a program or terminate its connection to an IP. ... > doesn't provide any protection for the machine the ports are being mapped ... (comp.security.firewalls) Re: iptables + routing public subnet to private interface. (Newbee) ... The box is acting as the router. ... we have a cat 5 cable from it into our ... isp's noc. ... and there is no budget to get a router. ... (Fedora)