IPSEC over load-shared T1s (per packet)

[TSimons () Delphi-Tech com]

Hello All

Recently we doubled our internet bandwith to two T1s from the same provider
that terminate on in the same router on the NOC side.

We setup IP LOAD-SHARING PER-PACKET on each of the serial links on both
sides (NOC and Us) in order to get an aggregate 3.0mbit. PER-PACKET routing
alternates usage of the T1s, one for one...

Since then, VPN performance has taken a dive.  Sniffing out traffic, ESP
packets are sent 3-4 times before they can be properly decrypted. 

Someone along the way said that using PER-PACKET routing changes the CRC
value of the packets.  Is this correct, has anyone else seen this issue?  I
can't see how the CRC is changed, the hop count isn't changing, the lines
are identical, and they terminate in the same router, so the last hop is the
F0/0 interface of the router before getting to the firewall.

Thanks,
~Todd

__________________________________
Todd M. Simons
Senior MIS Engineer
Dell Tier 1 PA Technician 
Delphi Technology, Inc.
New Brunswick, NJ

Note: The contents of this email do not constitute a legally binding
commitment.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards