07-28-2019 04:27 AM - edited 07-28-2019 05:28 AM
hi,
Lan users are not able to connect to youtube if they afer several attempts, the video is just kept buffering.
When we restart the router 4431 if works for sometime and then suddenly users cannot browse youtube.com
The router 4431 is configured with Static NAT, and access-lists.
Already contacted the ISP and they said there is no problem from their end.
what could be the issue.?
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.06.25 18:36:19 =~=~=~=~=~=~=~=~=~=~=~=
Current configuration : 2575 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname xyz_ROuter
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable password 7 050A020228421F5B4A
!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
!
!
!
ip name-server 84.2.6.55 84.2.57.230
no ip domain lookup
ip domain name xyz.com.sa
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0/4
no watchdog
!
license udi pid ISR4431/K9 sn FOC22055T8Y
!
spanning-tree extend system-id
!
username admin privilege 15 password 7 050A020228421F5B4A
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 37.2.15.79 255.255.255.254
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description "Connected-to-LAN"
no ip address
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/1.100
encapsulation dot1Q 100
ip address 10.10.10.10 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip default-gateway 37.2.15.78
ip nat inside source list 131 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 37.224.15.78
ip route 10.1.0.0 255.255.252.0 10.10.10.11
ip route 10.2.0.0 255.255.252.0 10.10.10.11
ip route 10.11.11.0 255.255.255.0 10.10.10.11
ip route 10.170.252.0 255.255.255.0 10.10.10.11
ip ssh time-out 60
!
!
access-list 131 permit ip 10.10.10.0 0.0.0.255 any
access-list 131 permit ip 10.1.0.0 0.0.3.255 any
access-list 131 permit ip 10.2.0.0 0.0.3.255 any
access-list 131 permit ip 10.11.11.0 0.0.0.255 any
access-list 131 permit ip 10.170.252.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
transport input all
!
!
end
07-28-2019 06:45 AM
what will be interface consumption in related to bandwidth to internet.
if you get again the problem, check the interace utilisation, process information.
couple questions : how many users behind this router ? which is effecting ? what is your internet bandwidth size ?
07-28-2019 06:53 AM
Hi Balaji,
1. what will be interface consumption in related to bandwidth to internet.
Ans: Consumption is around 60-70 Mbps (out of 100Mbps )
2. if you get again the problem, check the interace utilisation, process information.
Ans.
GigabitEthernet0/0/1 is up, line protocol is up
Hardware is ISR4431-X-4x1GE, address is --------- (bia -----------)
Description: "Connected-to-LAN"
Internet address is 10.10.10.10/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 7/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:48, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 4953000 bits/sec, 1794 packets/sec
5 minute output rate 31239000 bits/sec, 3152 packets/sec
35488933 packets input, 10357813925 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 7839 multicast, 0 pause input
64778300 packets output, 84549865258 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
462 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
xyz_ROuter#sh processes cpu history
11111111111111 1111111111 11111111111
100
90
80
70
60
50
40
30
20
10
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per second (last 60 seconds)
112222121121211211121111111122122111111111112112132111121211
100
90
80
70
60
50
40
30
20
10
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
4
536
100
90
80
70
60
50 *
40 *
30 *
20 *
10 * *
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
couple questions : how many users behind this router ? which is effecting ? what is your internet bandwidth size ?
i. how many users behind this router ?
Ans: 200
ii. which is effecting ?
Ans: Websites, Applications( Whatsapp), Youtube etc.,
iii. what is your internet bandwidth size ?
Ans: 100Mbps
07-28-2019 12:24 PM
Can you post show version also to look what license you have, base normally is 100MB.
post out of below :
show version
show platform hardware throughput level
below is Lan side interface information, i am more intrested to look WAN Side.
GigabitEthernet0/0/1 is up, line protocol is up
Hardware is ISR4431-X-4x1GE, address is --------- (bia -----------)
Description: "Connected-to-LAN"
After reset the router, how long the Problem comes back ? (days or hours ?)
07-28-2019 11:07 PM
After reset the router, how long the Problem comes back ? (days or hours ?)
Ans: The problem instantly starts.
Here is the below as requested
show version
show platform hardware throughput level
xyz_ROuter#sh ver
Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
xyz_ROuter uptime is 20 hours, 0 minutes
Uptime for this control processor is 20 hours, 1 minute
System returned to ROM by reload
System image file is "bootflash:isr4400-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin"
Last reload reason: PowerOn
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Suite License Information for Module:'esg'
--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
appxk9
AdvUCSuiteK9 None None None
uck9
cme-srst
cube
Technology Package License Information:
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None None None
uck9 uck9 Permanent uck9
securityk9 None None None
ipbase ipbasek9 Permanent ipbasek9
cisco ISR4431/K9 (1RU) processor with 1648789K/6147K bytes of memory.
Processor board ID FGL220880DE
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
6598655K bytes of flash memory at bootflash:.
Configuration register is 0x2102
xyz_ROuter# sh platform hardware throughput level
The current throughput level is 500000 kb/s
08-01-2019 08:58 AM
Hello.
Have you got problems with Youtube only? Can you see another video in real time?
08-01-2019 05:12 PM
In issue condition,
- Check if there are any datapath drops using "show platform hardware qfp active statistics drop" CLI. You need to execute this CLI multiple times to see increasing drops. If you see any drops increasing you can check which interface is causing that drop using "show platform hardware qfp active interface all statistics drop" CLI- again multiple time execution to see increase in values. :)
- Check actual datapath utilization at that instance: "show platform hardware qfp active datapath utilization summary" CLI.
- Check if there is any issue with NAT translations, NAT drops, etc using NAT CLIs.
10-08-2019 12:58 PM
Hello,
I don't see any static NAT in the configuration. Either way, the default route looks wrong. If this is your outside interface:
interface GigabitEthernet0/0/0
ip address 37.2.15.79 255.255.255.254
ip nat outside
negotiation auto
then the default route should be
ip route 0.0.0.0 0.0.0.0 37.2.15.78
and not
ip route 0.0.0.0 0.0.0.0 37.224.15.78
Also, remove the default gateway:
--> no ip default-gateway 37.2.15.78
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide