
Sonicwall site to site vpn problems


dfortin (MIS), Apr 15, 2005
Hello,

I have the following split tunnel setup (Please excuse the poor ascii :):

Data center 1

10/100 line from ISP
|
-------------------------------------
| Layer 3 switch (Dell 3324) |
-------------------------------------
(Each sonicwall has a public ip)
| |
| |
----------- ---------
|Pro3060 | |Pro3060|
----------- ---------
(Default GW) (Gateway to second data center)
| |
| |
| |
--------------------------------
| LAN 10.0.4.0/25 |
--------------------------------
(Servers and clients)

Servers and clients have static routes inserted into their local routing table telling them to use the default gateway for all traffic exiting this network that is not destined for my second data center. Second data center traffic is routed through the sonicwall responsible for creating and maintaining the site to site vpn connection.

Now, I have the exact same setup in another co-location facility, except its private network IP range is 10.10.4.0/25.

The problem I'm experiencing is that the tunnel between data centers will fail, meaning I'll experience 100% packet loss for around 10 seconds, and then it will come back up. I'm also seeing a lot of messages when I sniff packets that look like this:

[TCP Previous segment lost] Encrypted response packet len=X
[TCP Out-Of-Order] Encrypted response packet len=X

Between data centers I have 2 MySQL database servers replicating; the problem is that this replication becomes disrupted when too much packet loss / retransmission occurs. I'm essentially using the default VPN setup on each SonicWALL, except I've enabled fragmented packets but disabled the "ignore don't fragment bit" option. SonicWALL tech support advised I do this because of the size of the data I was pushing back and forth between facilities.

At this point I have no idea what to do. Does anyone have a tip?

thanks!
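One way to quantify the symptoms described in the post (silent windows of roughly 10 seconds, plus the "Previous segment lost" / "Out-Of-Order" annotations) from a capture summary, as an added example that is not part of the original thread. It assumes tshark-style one-line summaries ("timestamp src -> dst info"); the sample lines, the 5-second gap threshold and the 1400-byte payload limit are constructed values, not taken from the poster's network.

```python
"""Summarise VPN tunnel flaps and TCP anomalies from a packet-capture summary."""
import re
from collections import Counter

# Constructed sample: one replication flow 10.0.4.10 <-> 10.10.4.10 with a ~11 s silence.
SAMPLE = """\
1113552000.000 10.0.4.10 -> 10.10.4.10 [TCP] 3306 > 45010 len=1448
1113552000.210 10.10.4.10 -> 10.0.4.10 [TCP] 45010 > 3306 [ACK]
1113552000.420 10.0.4.10 -> 10.10.4.10 [TCP] len=1448
1113552001.100 10.0.4.10 -> 10.10.4.10 [TCP Previous segment lost] Encrypted response packet len=1448
1113552001.300 10.10.4.10 -> 10.0.4.10 [TCP Out-Of-Order] Encrypted response packet len=900
1113552012.500 10.0.4.10 -> 10.10.4.10 [TCP Retransmission] len=1448
1113552012.700 10.10.4.10 -> 10.0.4.10 [TCP] [ACK]
"""

LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<info>.*)$")
TAG_RE = re.compile(r"\[TCP ([^\]]+)\]")   # "[TCP]" alone is a plain segment, not an anomaly
LEN_RE = re.compile(r"len=(\d+)")

GAP_SECONDS = 5.0        # assumed: silence longer than this is treated as a tunnel outage
MAX_PAYLOAD = 1400       # assumed: ESP/tunnel overhead leaves roughly this much per 1500-byte MTU


def parse(text):
    """Yield (timestamp, src, dst, info) for every line that matches the summary format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m["ts"]), m["src"], m["dst"], m["info"]


def find_gaps(records, threshold=GAP_SECONDS):
    """Return (start, end, seconds) for every silence longer than threshold."""
    gaps, prev = [], None
    for ts, *_ in records:
        if prev is not None and ts - prev > threshold:
            gaps.append((prev, ts, round(ts - prev, 3)))
        prev = ts
    return gaps


def analyze(text, max_payload=MAX_PAYLOAD):
    """Combine outage windows, anomaly counts and oversized-segment counts in one report."""
    records = list(parse(text))
    anomalies = Counter(tag for *_, info in records for tag in TAG_RE.findall(info))
    oversized = sum(1 for *_, info in records
                    for n in LEN_RE.findall(info) if int(n) > max_payload)
    return {"packets": len(records), "gaps": find_gaps(records),
            "anomalies": anomalies, "oversized": oversized}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Segments flagged as oversized would have to be fragmented after ESP encapsulation, which is where the fragmentation and don't-fragment settings mentioned above come into play.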