I have a question regarding the ESP protocol.
On our DMVPN network for remote branches, the telco (ISP) has reported highly utilized links, which cause degraded network performance on their side. They pointed out that the high utilization is coming from our core router (ASR), and they sent a packet capture containing numerous ESP packets. Although, from checking it, most of those packets are tiny in size, so I am sure that they cannot be the reason for the high utilization. What is even weirder is that our remote branches are not affected by the high utilization on their links. The utilization occurs mostly only on their side. Does anyone have experience with this?
If your DMVPN network does not use IPsec on top of that, how come you're sending ESP packets? If you use IPsec on top of DMVPN, it makes sense that you're sending a huge amount of ESP packets, both data-plane ESP-encapsulated (users' traffic) and constant/frequent control-plane ESP-encapsulated (like your IGP keepalives).
Good day, I know, right. We do use IPsec on our DMVPN; the telco (ISP) is pointing out that the ESP packets are the ones flooding the network. It's very frustrating to have that argument. The only way to know is to conduct packet captures on our side. Thanks, man. By the way, do you have any links anywhere about those ESP keepalive packets on the network, just so we could have proof, as they keep insisting that the fault is in the setup.
I guess you run dynamic routing over DMVPN, right? What is your protocol and what timers are you using? The IGP keepalives are encapsulated into ESP, thus if you have, say, 100 spokes and you send IGP keepalives every 1 second, each second your ISP will see 100 small ESP packets inbound.
What is the exact problem with the ISP seeing ESP packets, what is the complaint about?
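An added example, not from any poster in this thread: a small Python script that tallies ESP packets per hub-to-spoke flow from a tshark-style capture summary (small keepalive-sized frames versus larger data frames) and projects the keepalive load for N spokes, as in the 100-spokes reasoning above. The addresses, packet sizes, the 200-byte "small packet" cut-off, the 2-second window and the 136-byte keepalive frame size are all assumptions.

```python
from collections import defaultdict

# Constructed tshark-style summary lines (time src dst proto length) for illustration;
# addresses, sizes and timings are assumptions, not the thread's real capture.
CAPTURE = """\
0.00 192.0.2.1 198.51.100.7 ESP 136
0.00 192.0.2.1 198.51.100.8 ESP 136
0.00 192.0.2.1 198.51.100.9 ESP 136
0.40 192.0.2.1 198.51.100.9 ESP 1452
0.41 192.0.2.1 198.51.100.9 ESP 1452
0.42 192.0.2.1 198.51.100.9 ESP 1452
1.00 192.0.2.1 198.51.100.7 ESP 136
1.00 192.0.2.1 198.51.100.8 ESP 136
1.00 192.0.2.1 198.51.100.9 ESP 136
"""

SMALL_PKT_BYTES = 200  # assumed cut-off: ESP frames at or below this count as keepalive-sized


def parse_capture(text):
    """Parse summary lines into (time, src, dst, proto, length) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            t, src, dst, proto, length = line.split()
            records.append((float(t), src, dst, proto, int(length)))
    return records


def summarize_esp(records, duration_s):
    """Per (src, dst) flow: ESP packet/byte counts, small-packet count, pps and bps."""
    flows = defaultdict(lambda: {"pkts": 0, "bytes": 0, "small_pkts": 0})
    for _t, src, dst, proto, length in records:
        if proto != "ESP":
            continue  # only ESP matters for the ISP's complaint
        f = flows[(src, dst)]
        f["pkts"] += 1
        f["bytes"] += length
        f["small_pkts"] += length <= SMALL_PKT_BYTES
    for f in flows.values():
        f["pps"] = f["pkts"] / duration_s
        f["bps"] = f["bytes"] * 8 / duration_s
    return dict(flows)


def total_bps(flows):
    """Aggregate ESP bit rate across all flows in the window."""
    return sum(f["bps"] for f in flows.values())


def keepalive_load(spokes, hello_interval_s, esp_frame_bytes):
    """Project (packets/s, bits/s) of ESP-encapsulated hellos for a hub with N spokes."""
    pps = spokes / hello_interval_s
    return pps, pps * esp_frame_bytes * 8
```

Running summarize_esp on the constructed capture shows that the bulk of the bits come from the few 1452-byte data frames to one spoke, while the keepalive-sized frames dominate only the packet count.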