Investigating speed problems here https://www.reddit.com/r/sophos/comments/mzwfu0/ipsec_vpn_slowness_in_one_direction_over_2x_sites/ and noticed something strange.
Info:
Site A:
300/300 Mbps
Software Sophos XG firewall
VMware / vCenter on a VxRail cluster
Site B:
1/1 Gbps
Software Sophos XG firewall
VMware / vCenter on IBM blades
IPsec VPN to both sites
Traffic flows fast from Site A to B but is dead slow from B to A.
What I noticed while looking at the capture in Wireshark with a Sophos engineer is that the packets from site B are being sent at huge sizes, way larger than our MTU and upwards of 22000 in packet length, and these large packets have the header flag DO NOT FRAGMENT = 1.
What would cause the packets to be set to Do Not Fragment? Where in the network could the size be made so large (or data be injected into packets)?
Thanks, this is crazy.
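As an added illustration (not part of the original post), the check below decodes the IPv4 header fields the capture showed, the total length and the DF flag, and flags frames that are both larger than the MTU and marked Do Not Fragment; it also re-verifies the header checksum, since a frame in a host-side capture that is larger than the MTU often comes from above the NIC's segmentation offload and is not the size that went on the wire. The 1500-byte MTU, the addresses and the sample headers are constructed assumptions, not values from the post.

```python
import struct
from dataclasses import dataclass

MTU = 1500  # assumed path MTU; the post does not state the actual value


@dataclass
class IPv4Info:
    total_length: int
    dont_fragment: bool
    more_fragments: bool
    checksum_ok: bool


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> IPv4Info:
    """Decode version/IHL, total length, flags and checksum from a raw IPv4 packet."""
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    total_length, = struct.unpack_from("!H", packet, 2)
    flags_frag, = struct.unpack_from("!H", packet, 6)  # 3 flag bits + 13-bit offset
    header = packet[:ihl]
    stored, = struct.unpack_from("!H", header, 10)
    # Recompute over the header with the checksum field zeroed; a mismatch suggests
    # the frame was captured before the NIC filled the checksum in (offload).
    recomputed = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    return IPv4Info(total_length, bool(flags_frag & 0x4000),
                    bool(flags_frag & 0x2000), recomputed == stored)


def flag_oversize_df(packet: bytes, mtu: int = MTU) -> bool:
    """True when the packet claims a size above the MTU yet forbids fragmentation."""
    info = parse_ipv4(packet)
    return info.dont_fragment and info.total_length > mtu


def build_ipv4(total_length: int, df: bool) -> bytes:
    """Constructed 20-byte IPv4 header (payload omitted) for testing the check."""
    flags = 0x4000 if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 1, flags, 64, 6, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))  # assumed addresses
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
```

Running `flag_oversize_df` over each IPv4 frame of a capture (for example via a pcap reader) lists exactly the frames the post describes, and `checksum_ok` being False on those frames points at capture-side offload rather than the network.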