mlinzer
Explorer

Site to Site VPN load balancing across dual links

Hi everyone,

I have a VPN tunnel connecting 2 sites, where all traffic is routed over the tunnel. I just installed dual 100Mb links between the sites, which I would like to use as Active/Active. The service provider installed dual switches on each end, and combines the 2 links using LACP between the switches. I connect the firewalls with a single port to one switch at each site.

My concern is that since all traffic goes over a single VPN tunnel, the LACP will not load balance the traffic between the 2 lines, but will treat it all as one "session". How can I get the traffic to run over both links (and achieve aggregate throughput of 200Mb)?

My other idea was to connect 2 ports on each firewall, one to each line, and bond them together into a single interface, then let the Checkpoint handle the load balancing (using which mode settings?). Which method would work better?

See network diagram below:

 

0 Kudos
1 Reply
Wolfgang
Authority

I would let the provider's environment do this. In the network diagram shown, with only LACP between the switches, there is no combination of the two WAN links into a bigger one. If these devices are all under the control of your provider, they should do this.

Another possibility would be to use an additional interface on both gateways, with additional IP configuration, and to use VPN link selection in LoadSharing mode. With this you can use both 100Mbit lines.

Best regards

 Wolfgang

0 Kudos
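The concern raised in the question, that a link aggregate hashing on outer headers sees one VPN tunnel as one flow, modelled as an added example that is not part of the original posts. The XOR-fold hash, the round-robin spreading of connections over tunnels and all addresses are constructed assumptions; real switch and gateway algorithms differ by vendor and configuration.

```python
import ipaddress
from collections import Counter

def link_for(src, dst, sport=0, dport=0, links=2):
    """Pick an aggregate member from the header fields the switch can see.

    Simplified XOR-fold hash, assumed for illustration only.
    """
    h = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    h ^= sport ^ dport
    h ^= h >> 16
    h ^= h >> 8
    return h % links

# Constructed sample: 40 client connections from site A to site B.
INNER_FLOWS = [(f"10.1.0.{i}", f"10.2.0.{i % 5 + 1}", 40000 + 3 * i, 443)
               for i in range(1, 41)]

def load_without_tunnel(flows=INNER_FLOWS):
    """Connections per link if the switch could hash the inner headers."""
    return Counter(link_for(*flow) for flow in flows)

def load_with_tunnels(peers, flows=INNER_FLOWS):
    """Connections per link when every flow is wrapped in ESP.

    peers: one (local_gw_ip, remote_gw_ip) pair per tunnel. Connections are
    spread over the tunnels round-robin (assumed). ESP carries no ports and
    the inner header is encrypted, so only the outer IP pair is hashed.
    """
    load = Counter()
    for n, _inner in enumerate(flows):
        local, remote = peers[n % len(peers)]
        load[link_for(local, remote)] += 1
    return load

# Constructed gateway addresses (documentation ranges).
ONE_TUNNEL = [("192.0.2.1", "198.51.100.1")]
TWO_MIRRORED = ONE_TUNNEL + [("192.0.2.2", "198.51.100.2")]
TWO_DISTINCT = ONE_TUNNEL + [("192.0.2.2", "198.51.100.3")]

if __name__ == "__main__":
    print("no tunnel      :", dict(load_without_tunnel()))
    print("one tunnel     :", dict(load_with_tunnels(ONE_TUNNEL)))
    print("two, mirrored  :", dict(load_with_tunnels(TWO_MIRRORED)))
    print("two, distinct  :", dict(load_with_tunnels(TWO_DISTINCT)))
```

With only two outer flows, a hash-based aggregate can still place both tunnels on the same member, as the mirrored addressing case shows, so the outer address pairs need checking against the hash actually in use.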
