Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
3
Replies

ESP Protocol flooding on our DMVPN Network

rngedangoni
Level 1
Level 1

‎03-13-2020 07:56 AM

Hi Guys,

 

I have a question regarding ESP protocol.

On our DMVPN network for remote branches, the telco(ISP) has reported highly utilized links which causes network degrading performance on their side. They pointed out that the high utilization is coming from our Core router(ASR) in which they send a packet capture containing numerous ESP protocols. Although from checking it, most of those packets are in bit size in which I am sure that they cannot be the reason for the high utlization. What is even weirder is that our remote branches is not affected by the high utlization on their links. The utilization comes mostly only on their side. Does anyone have experience on this?

0 Helpful
3 Replies 3

Cristian Matei
VIP Alumni
VIP Alumni

‎03-13-2020 10:03 AM

Hi,

 

    If your DMVPN network does not use IPsec on top of that, how come you're sending ESP packets? If you use IPsec on top of DMVPN, it makes sense you're sending huge amount of ESP packets, both data-plane ESP encapsulated (user's traffic) and constant/frequent control-plane ESP encapsulated (like your IGP keepalives).

 

Regards,

Cristian Matei.

0 Helpful

rngedangoni
Level 1
Level 1
In response to Cristian Matei

‎03-15-2020 05:45 PM

Hi Cristian,

 

    Good day, I know right. We do use IPSEC on our DMVPN, the Telco(ISP) is pointing out that the ESP protocols are the ones flooding the network. Its very frustrating to have that argument. The only way to know is to conduct packet captures on our side. Thanks man, by the way, do you have any links anywhere about those ESP protocol keepalive on the network, just so we could have proof as they keep insisting that the fault is on the setup. 

 

Regards,

Ralph

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to rngedangoni

‎03-16-2020 06:13 AM

Hi,

 

    I guess you run dynamic routing over DMVPN, right? What is your protocol and what timers are you using? The IGP keepalives are encapsulated into ESP, thus if you have like 100 spokes and you send IGP keepalives each 1 second, each 1 second, your ISP will see 100 small ESP packets inbound.

    What is the exact problem with the ISP seeing ESP packets, what is the complaint about?

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card