06-26-2022 09:45 AM
Dear community,
I have the following question, which am missing a real case scenario, and I would like to ask if someone has had an opportunity to find the following out: If there is a packet loss on one of the underlying links of a VPN tunnel: is the packet loss seen in the tunnel smaller, identical or higher?
Looking forward to hearing from you.
Best regards,
Laura
06-26-2022 09:56 AM
If the Underlay having issue, you see offten VPN tunnel broke / up and down or re-establish. so we expecte Underlay should be stable.
06-26-2022 10:15 AM
there are two layer here
Overlying
underlying
If you see my answer to your previous Q the you will full understand how you check the issue.
for example I want to use Ping to test VPN tunnel BUT since there are two layer how can I know which one is make my tunnel traffic drop ??
the ping command even if it simple but tricky
we can use ping to detect the issue if it in overlaying or underlying HOW?
PING <IP destination> source <IP source >
as I mention before first we do ping for underlaying
PING <TUNNEL IP destination> source <TUNNEL IP source >
we must success if not the issue in your ISP
second we ping for OVERLAYING
PING <TUNNEL IP local end > source <TUNNEL IP far end >
this give us hint that the VPN tunnel overlying have issue
the underlaying need more steps since the issue involved ISP
the overlying is simple since we have P2P so either this is
ip is config wrong
there is IPSec config under GRE which make traffic drop
the tunnel VRF issue which cause by assign VRF under tunnel and this sometimes make tunnel not forward packet.
06-26-2022 01:35 PM
This would depend on how much of the traffic on the link actually goes over the VPN tunnel. If all traffic that egresses on the link is sent over the tunnel then the packet loss should be identical. If only some of the traffic is sent over the VPN tunnel then the packet loss would be smaller.
06-28-2022 03:20 AM
there can be many reasons for the packet loss issue.
links may create issues.
high bandwidth utilization
if you have underlay then yes you can see offten.
maybe there is some proposal miss-match.
heavy encryptions on the tunnel may cause.
t
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide