Please Recommend CEF option for VPN Tunnel 2

Status
Not open for further replies.

Ru55ell

What is your recommendation for CEF, per packet or per destination, when VPN tunnels traverse the circuits?

Our ISP provides 3 T1s, 2 of which are on one router utilizing CEF to load balance. The load sharing option was set at per packet. This we think is ideal. However, this is a new setup from our ISP and we utilize these 2 T1s for our VPN traffic. When we moved to this new setup we started experiencing poor performance and opened a service ticket with our ISP. During troubleshooting it was suggested we change the CEF option to per destination. This worked for tunnels established over one circuit and not the other. We had the ISP run extensive testing on the suspect physical circuit and they reported finding no trouble. We plug both circuits back in and all is well, go figure.

I would like to hear opinions on whether I should ask that the CEF option be put back to per packet.
 
Why not bond the two T1 lines together to make one 3 meg connection?
 
Bond using what feature?

These circuits and the router are managed by our ISP. I cannot change the design.
 
Multilink. If these two T1 lines terminate with your ISP then they should be able to bond them together in one multilink interface that would give you one full 3 meg connection instead of two 1.5 meg connections. If one of the T1 lines drops, then you will not disconnect; you will just lose speed until the other line comes back online. I have two T1 lines in this setup connecting me to my ISP and also use this with 2 point-to-point T1 lines to a remote office. Works great.
 
Gotcha, yea the question is still out on whether MLPPP is available in our area. They (AT&T) said they were rolling it out. Thanks for reminding me. I will inquire to my Rep.

As far as per packet or per destination, which would you choose?
 
Depends on the router... per packet is more CPU intensive than per destination. Per packet would be the better choice, but monitor your CPU utilization with the show process cpu history command. If it puts your CPU over 80%, you might consider using per destination or upgrading the router. If you go with the MLPPP then you only need standard CEF per destination.
 
Whilst CEF per packet usually ensures a better balance of network traffic, it can cause problems with delay-sensitive traffic such as voice or video. This is due to the possibility of traffic hitting people's IP phones/cams etc out of sequence which is clearly a problem. Per destination doesn't suffer from this issue.

So if using voice/video, use per destination (default). If just standard data, you can use both albeit I'd probably use per destination as (a) it's default and (b) it does a pretty good job of load-balancing anyway.
 
Thanks guys, I appreciate the response. My ISP is unable to deliver MLPPP at this time. I will take the info you provided when considering my next step. The router hosting the two circuits is a 2600 managed by my ISP. We have the three T1s more for availability rather than bandwidth at this time. I don’t think we’re going to overload the CPU. Thanks again and I’ll report the outcome.
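
The out-of-sequence delivery described in the replies above can be reproduced with a small simulation. This is an added example, not part of the original thread: the link delays, tunnel endpoint addresses and the CRC32 hash are constructed assumptions and do not reproduce Cisco's actual CEF hashing.

```python
import zlib
from collections import defaultdict

LINK_DELAY_MS = (5, 9)  # constructed: unequal one-way delay on the two T1s
FLOWS = [("10.0.0.1", "192.0.2.10"), ("10.0.0.2", "192.0.2.20"),
         ("10.0.0.3", "192.0.2.30")]  # constructed tunnel endpoint pairs


def per_packet(index, flow):
    """Round-robin every packet across the links, ignoring the flow."""
    return index % len(LINK_DELAY_MS)


def per_destination(index, flow):
    """Pin each source/destination pair to one link (CRC32 is a stand-in hash)."""
    return zlib.crc32("{}>{}".format(*flow).encode()) % len(LINK_DELAY_MS)


def simulate(choose_link, packets_per_flow=10, gap_ms=1):
    """Return (late packet count, packets per link) for a load-sharing mode."""
    arrivals, per_link = [], [0] * len(LINK_DELAY_MS)
    for index in range(packets_per_flow * len(FLOWS)):
        flow_id = index % len(FLOWS)   # flows are interleaved on the wire
        seq = index // len(FLOWS)      # sequence number within the flow
        link = choose_link(index, FLOWS[flow_id])
        per_link[link] += 1
        arrival_ms = index * gap_ms + LINK_DELAY_MS[link]
        arrivals.append((arrival_ms, index, flow_id, seq))
    late, highest = 0, defaultdict(lambda: -1)
    for _, _, flow_id, seq in sorted(arrivals):
        if seq < highest[flow_id]:
            late += 1                  # arrived after a newer packet of its flow
        highest[flow_id] = max(highest[flow_id], seq)
    return late, per_link


if __name__ == "__main__":
    for name, mode in (("per-packet", per_packet),
                       ("per-destination", per_destination)):
        late, per_link = simulate(mode)
        print(f"{name:16} late={late:2d} packets per link={per_link}")
```

Per-packet splits the 30 packets evenly but delivers some of each flow out of order; per-destination keeps every flow in order, while the split between links depends on how the flows hash.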
 