Hi All,

I have the following scheme:

- LAN segment 10.5.8.0/24 with router1 (10.5.8.1) and MTU=1500
- two hosts on the LAN segment: host21 (10.5.8.21) and host22 (10.5.8.22)
- host21 and host22 have VIP=172.16.110.30 configured as a LAN-interface alias
- host21 and host22 have BGP peering with router1 and announce the VIP to router1
- hostX somewhere on the intranet
- ipsec-tunnel with MTU=1400

ECMP works fine and traffic from other segments to the VIP is balanced between host21+host22 by router1.

The problem is: when host21 and/or host22 send a large packet with the DF-bit set, using the VIP as source, the ipsec-router sends ICMP "Fragmentation needed", and this ICMP is _always_ sent to host22 only by router1.

I think it may be hard or impossible to find the proper VIP-owner to send this ICMP to. Is it possible to propagate such ICMP to all VIP-owners in the router1 routing-table? Or may some data from the ICMP message be used to properly calculate the ECMP-hash to find the real VIP-owner which must receive this ICMP?

Thanks!

--
CU,
Victor Gamov
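
An added illustration of the second question above (not part of the original post, and not a description of what router1 actually does): an ICMP "Fragmentation needed" message carries the original IP header plus the first 8 bytes of its payload, so a router that hashes on the 5-tuple can recover the flow from it and pick the same next hop as for the inbound flow. The CRC32 hash, the hostX and IPsec gateway addresses, and all function names are assumptions made for this sketch.

```python
import ipaddress, struct, zlib

NEXTHOPS = ["10.5.8.21", "10.5.8.22"]        # host21, host22 (VIP owners in the post)
VIP = "172.16.110.30"
HOSTX, IPSEC_GW = "192.0.2.10", "192.0.2.1"  # constructed addresses

def flow_hash(src, dst, proto, sport, dport):
    # Illustrative hash only; real routers use their own function.
    return zlib.crc32(struct.pack("!4s4sBHH", src, dst, proto, sport, dport))

def pick_nexthop(pkt, use_inner=True):
    """Pick an ECMP next hop for a raw IPv4 packet (bytes)."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst, l4 = pkt[12:16], pkt[16:20], pkt[ihl:]
    sport = dport = 0
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", l4[:4])
    elif use_inner and proto == 1 and l4[:2] == b"\x03\x04":
        # ICMP type 3 code 4: bytes 8.. hold the original IP header + 8 bytes.
        inner = l4[8:]
        iihl = (inner[0] & 0x0F) * 4 if inner else 0
        if iihl >= 20 and len(inner) >= iihl + 4 and inner[9] in (6, 17):
            isport, idport = struct.unpack("!HH", inner[iihl:iihl + 4])
            # Inner packet is VIP -> hostX; swap it to the hostX -> VIP tuple
            # so the error hashes like the flow it belongs to.
            src, dst, proto = inner[16:20], inner[12:16], inner[9]
            sport, dport = idport, isport
    return NEXTHOPS[flow_hash(src, dst, proto, sport, dport) % len(NEXTHOPS)]

def ipv4(src, dst, proto, payload):
    # Minimal header for the demo: DF set, checksum left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                       64, proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def sample_flow(client_port):
    """Constructed packets: inbound request and the ICMP error for the reply."""
    inbound = ipv4(HOSTX, VIP, 6, struct.pack("!HHI", client_port, 443, 0))
    reply = ipv4(VIP, HOSTX, 6, struct.pack("!HHI", 443, client_port, 0))
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + reply[:28]
    return inbound, ipv4(IPSEC_GW, VIP, 1, icmp)

if __name__ == "__main__":
    # Columns: client port, inbound next hop, ICMP via inner hash, ICMP via outer hash.
    for port in range(40000, 40008):
        inbound, err = sample_flow(port)
        print(port, pick_nexthop(inbound), pick_nexthop(err),
              pick_nexthop(err, use_inner=False))
```

With `use_inner=False` every such ICMP hashes on the same outer tuple (IPsec gateway to VIP, no ports) and therefore lands on one host regardless of the flow, which is consistent with the symptom described.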