I've got an un-flow controlled application that bursts small UDP packets with about 30usec gap between. Yes, it's crap. Working on that...
It's traversing a GRE in IPSec tunnel.
The application sees occasional large gaps in the stream. 50-ish consecutive packets go missing. Looks like tail drop to me.
The sites with problem have the old-style 881 routers. I think I've found the problem, wonder if this makes sense?
The show crypto engine accelerator statistic
command includes packets in
and packets decrypted
counters.
I assume that these values should be moving together under normal circumstances?
These numbers are diverging at a rate of about 100pps.
I've confirmed that the following are working correctly:
- All application packets are getting encrypted and leaving the source site.
- All ESP packets are getting delivered to the destination site.
But the decrypted application stream is lossy.
So, what say you? Am I overrunning the crypto engine's input queue?
Is there some other value I should be looking at?
No comments:
Post a Comment