IPsec vpn speed and cpu utilization


i have 450 Digi transport wr21 routers in IPsec vpn with two VPN contcentrator V7400 (VC74-00S2-DE6-SE) in vrrp mode.

When i ping LAN port of V7400 there is less lost packets than when i ping vrrp address.

Also, when i ping through vpn tunel there is a lot of lost packets sometimes 70%.

Please, can you give me any instructions how to solve this issue. My production is suffer.



You have think about several things when dealing with high number of vpn tunnels.

  1. resources in this case CPU of the VC7400 and Bandwitdh of links / interfaces.
  2. devices connecting the network.
  3. Packet loss is this dropped packets or routing issue packets going down the wrong interfaces.
  4. where you are testing from in the network and the actual connections / switches /routers and where are packets being dropped / delayed

thing about vrrp do you actualy know which device is responding are the routers flapping between maskter backup.

if interlinks between the vrrp pair are swmped you can get in a situation where both / all are master

you realy need to look carefully at the network and each components and what has changed?

new devices / software / applications that are using more resources than expected.

simple one i had was a new server was added that was pulling down AV updates not just updates but whole database every hour and we had times where the wan link was swamped

hope that helps