SD-WAN

We have two vGateways deployed into two different Azure Regions, acting as VPNCs in our network. We setup Hub Meshing between the two and once the tunnels established we were able to ping between VMs and between the two Gateways, although when we attempt to copy files between the two, ICMP packets start dropping and even a 5MB file just fails to copy. Both vGateways are running AOS 10.5.0.1.

Anyone seen this kind of behaviour before? We have an open ticket with TAC, but thought to ask the community as well.

• Both vGateways are unmanaged deployments
• The primary vGateway in the Australia East Region has overlay connections to our physical offices and traffic between the branches and this VPNC is fast - we get 30MBps up/down over SMB, with no ping drops
• The secondary vGateway is in the Australia Southeast Region.
• We have tried both an S2S IPSec tunnel between the two gateways and a Hub Mesh tunnel and they have the same result 

Only thing I have noticed is when Hub Mesh or IPSec tunnels are established, the MTU is 1500, whereas all my Hub-Spoke Orchestrated Tunnels have an MTU of 1450... The Aruba TAC engineer did ask about MTU. We were able to change the IPSec tunnel MTU to 1450 by modifying the DPD MTU setting from 1500 to 1450. This has made no difference to the behaviour / packet loss though.

are you configuring manual IPSEC tunnels between them?

We have two vGateways deployed into two different Azure Regions, acting as VPNCs in our network. We setup Hub Meshing between the two and once the tunnels established we were able to ping between VMs and between the two Gateways, although when we attempt to copy files between the two, ICMP packets start dropping and even a 5MB file just fails to copy. Both vGateways are running AOS 10.5.0.1.

Anyone seen this kind of behaviour before? We have an open ticket with TAC, but thought to ask the community as well.

• Both vGateways are unmanaged deployments
• The primary vGateway in the Australia East Region has overlay connections to our physical offices and traffic between the branches and this VPNC is fast - we get 30MBps up/down over SMB, with no ping drops
• The secondary vGateway is in the Australia Southeast Region.
• We have tried both an S2S IPSec tunnel between the two gateways and a Hub Mesh tunnel and they have the same result 

Only thing I have noticed is when Hub Mesh or IPSec tunnels are established, the MTU is 1500, whereas all my Hub-Spoke Orchestrated Tunnels have an MTU of 1450... The Aruba TAC engineer did ask about MTU. We were able to change the IPSec tunnel MTU to 1450 by modifying the DPD MTU setting from 1500 to 1450. This has made no difference to the behaviour / packet loss though.

I have tried both deploying Hub Mesh and configuring a manual IPsec tunnel between the two vpnc's and get the same instability of the connection between the two. 

are you configuring manual IPSEC tunnels between them?

We have two vGateways deployed into two different Azure Regions, acting as VPNCs in our network. We setup Hub Meshing between the two and once the tunnels established we were able to ping between VMs and between the two Gateways, although when we attempt to copy files between the two, ICMP packets start dropping and even a 5MB file just fails to copy. Both vGateways are running AOS 10.5.0.1.

Anyone seen this kind of behaviour before? We have an open ticket with TAC, but thought to ask the community as well.

• Both vGateways are unmanaged deployments
• The primary vGateway in the Australia East Region has overlay connections to our physical offices and traffic between the branches and this VPNC is fast - we get 30MBps up/down over SMB, with no ping drops
• The secondary vGateway is in the Australia Southeast Region.
• We have tried both an S2S IPSec tunnel between the two gateways and a Hub Mesh tunnel and they have the same result 

Only thing I have noticed is when Hub Mesh or IPSec tunnels are established, the MTU is 1500, whereas all my Hub-Spoke Orchestrated Tunnels have an MTU of 1450... The Aruba TAC engineer did ask about MTU. We were able to change the IPSec tunnel MTU to 1450 by modifying the DPD MTU setting from 1500 to 1450. This has made no difference to the behaviour / packet loss though.