03-13-2020 07:56 AM
Hi Guys,
I have a question regarding ESP protocol.
On our DMVPN network for remote branches, the telco(ISP) has reported highly utilized links which causes network degrading performance on their side. They pointed out that the high utilization is coming from our Core router(ASR) in which they send a packet capture containing numerous ESP protocols. Although from checking it, most of those packets are in bit size in which I am sure that they cannot be the reason for the high utlization. What is even weirder is that our remote branches is not affected by the high utlization on their links. The utilization comes mostly only on their side. Does anyone have experience on this?
03-13-2020 10:03 AM
Hi,
If your DMVPN network does not use IPsec on top of that, how come you're sending ESP packets? If you use IPsec on top of DMVPN, it makes sense you're sending huge amount of ESP packets, both data-plane ESP encapsulated (user's traffic) and constant/frequent control-plane ESP encapsulated (like your IGP keepalives).
Regards,
Cristian Matei.
03-15-2020 05:45 PM
Hi Cristian,
Good day, I know right. We do use IPSEC on our DMVPN, the Telco(ISP) is pointing out that the ESP protocols are the ones flooding the network. Its very frustrating to have that argument. The only way to know is to conduct packet captures on our side. Thanks man, by the way, do you have any links anywhere about those ESP protocol keepalive on the network, just so we could have proof as they keep insisting that the fault is on the setup.
Regards,
Ralph
03-16-2020 06:13 AM
Hi,
I guess you run dynamic routing over DMVPN, right? What is your protocol and what timers are you using? The IGP keepalives are encapsulated into ESP, thus if you have like 100 spokes and you send IGP keepalives each 1 second, each 1 second, your ISP will see 100 small ESP packets inbound.
What is the exact problem with the ISP seeing ESP packets, what is the complaint about?
Regards,
Cristian Matei.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide