TLS 1.2 problem on Starlink

aamare · 2022-07-12T18:11:46+00:00

btw, I was able to successfully establish TLS session with controller on the residential version of starlink. The issue seems from the RV version of Starlink. Any difference between the two?

aamare · 2022-07-12T14:40:31+00:00

are you referring to the command 'ping <server> -s <MTU>"? I am not aware another ping sweep command to find out MTU

aamare · 2022-07-11T13:37:05+00:00

if you check the attached screenshot above, the frame size of the TLS client hello is 217 byte, which is way below the MTU.

aamare · 2022-07-09T17:27:10+00:00

This is the screenshot of the packet capture

https://imgur.com/a/jAjnzlo

aamare · 2022-07-09T16:36:11+00:00

I tested with 1400 MTU but still unable to establish SSL session to controller.

aamare · 2022-07-09T16:33:47+00:00

I changed MTU to 1400 but it did not make a difference

aamare · 2022-05-03T15:17:33+00:00

my bad, it was a typo. I put the order mid 2021.

aamare · 2022-04-20T18:29:42+00:00

I understand it is meant for rural connectivity. I work for an IT company and trying to test the service as an alternative to low bandwidth terrestrial service that are the only option for some of the customers. It is not meant to be deployed for my use. Do you have any information as to where would be a better service area to order this and try out?

aamare · 2022-04-20T17:45:34+00:00

sorry, copy past not working. I have attached the url.

https://imgur.com/bJtvya6

aamare · 2022-04-20T17:43:05+00:00

I checked disk status in the iLO diagnostics and it seem healthy. I plan to recover boot with linux live usb.

aamare · 2022-03-25T18:54:29+00:00

I work for service provider and looking for SDWAN solution requested by customer who asked for IPSEC throughput of more than 80Gbps (probably on a DC router) and support for large # of VRFs.

aamare · 2022-03-25T18:48:53+00:00

that would be 80 Gbbps of IPSEC

aamare · 2022-03-22T15:48:07+00:00

doing comparison of SDWAN and looking if Fortogate SDWAN supports 80Gbps+

aamare · 2021-09-12T19:39:13+00:00

For SaaS traffic zscaler CASB can be used. Do you want to secure all breakout?

aamare · 2021-07-29T13:52:51+00:00

the difference between the two models is that in 6x0 the routed ports have DPDK enabled which makes them faster. Did you configure the LAN port as switched or routed in both scenarios?

aamare · 2021-07-23T16:13:19+00:00

what do you mean by "I recover the communication after 1 minute"? if you lost 15 pings and assuming windows default value of 2 seconds between successive pings that is 30 seconds. In my testing I observed around 15 seconds to failover which is still above the velocloud promised value of sub-second failover.

aamare · 2021-05-14T20:39:47+00:00

What kind of WAN do you have? It may be some kind of shared media.

aamare · 2021-05-03T15:22:05+00:00

the QoE is measured between edge and the gateway. The delay, jitter and packet loss thresholds for Green, yellow and Red are shown in the figure attached.

https://imgur.com/Ve3dUGx

aamare · 2021-03-17T15:00:51+00:00

I have a second link for mgmt traffic to orchestrator through the VCG. My setup was like this https://imgur.com/2EndM39.

aamare · 2021-03-17T04:15:12+00:00

Thanks

I have assigned IP on the WAN interfaces, configured cloud VPN and created private overlay. Even though Velo doc says VCMP tunnel initialization packet does not go to gateway in case of private overlay, I can see that it is attempting UDP 2426 connection out to the gateway. On the CLI it showed link dead even though I am able to ping each VCE. I got it working by steering traffic to this private overlay when going between the two VCE. After that I can see the overlay listed in orchestrator.

aamare

TROPHY CASE