cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2175
Views
0
Helpful
2
Replies

CEF affected when used with NVI (ip nat enable) on C887VA

slawomir.kunach
Level 1
Level 1

I'm scratching my head second day now trying to find out what the problem here is.

Basically I have a Cisco 887VA router and VDSL service - 40Mbps/10Mbps

External IP address in all examples below is: 111.111.111.111 and internal LAN is 192.168.101.0/24. IOS: 15.1.4M1

My standard config looks like this:

interface Ethernet0

no ip address

!

interface Ethernet0.101

description PPPoE bridging from controller VDSL to dialer 1

encapsulation dot1Q 101

no ip redirects

pppoe-client dial-pool-number 1

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

switchport access vlan 10

no ip address

!

interface Vlan1

ip address 192.168.101.1 255.255.255.0

no ip redirects

ip nat enable

ip tcp adjust-mss 1452

!

interface Vlan10

no ip address

no ip redirects

!

interface Dialer1

mtu 1492

ip address 111.111.111.111 255.255.255.248

no ip redirects

no ip unreachables

ip nat enable

encapsulation ppp

load-interval 30

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname login@domain.com

ppp chap password 0 somerandompassword

ppp direction callout

ppp ipcp header-compression ack

ppp ipcp dns request accept

ppp ipcp address accept

no cdp enable

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat pool WAN 111.111.111.111 111.111.111.111 prefix-length 29

ip nat source list 1 pool WAN overload

!

ip route 0.0.0.0 0.0.0.0 Dialer1

!

access-list 1 permit 192.168.101.0 0.0.0.255

access-list 1 deny   any

dialer-list 1 protocol ip permit

If I run any kind of bandwidth test or try to download a file from the Internet I get maximum 20Mbps (approx 2MB/s when downloading a file).

I started to modify my config to try to find a solution. first thing what I've done was, I created lo0 interface with public IP address and modified Dialer 1, like this:

interface Loopback0
ip address 111.111.111.111 255.255.255.255
no ip redirects
ip nat enable
!

interface Dialer1
mtu 1492
ip unnumbered Loopback0
no ip redirects

....

Well... that didn't change anything at all.

Next thing what I've done was, I assigned the same public IP to one of the VLANs (vlan 10):

interface Vlan10

ip address 111.111.111.111 255.255.255.248

no ip redirects

ip nat enable

!

interface Dialer1

mtu 1492

ip unnumbered Vlan10

no ip redirects interface

          ...

and... still nothing. Still stuck on 20Mbps download speed.

I have thendisconnected FastEthernet 3 which is in VLAN 10 and... SURPRISE! 40Mbps !?!

I would really appreciate if someone could explain to my the behaviour. Wy am I getting only 20Mbps with the simplest possible setup, but when I assign public IP to vlan 10 interface AND disconnect it from everything... I get full speed?

I will appreciate any suggestions and help.

2 Replies 2

slawomir.kunach
Level 1
Level 1

No suggestions what could cause that weir behaviour?

I had some more time to look into this problem in the last couple of days and I think (please correct me if I'm wrong) that CEF is not working properly when used with ip nat enable and NVI interface and packaged get proccess switched instead of cache switched.

As soon as I reconfigured the router to use inside/outside NAT domains everything started to work fine and I got 40Mbps on the clock.

The following output is when I configured the router with inside/outside NAT domains:

router#show ip cef switching statistics feature

IPv4 CEF input features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

       Dialer i/f overr          0     118930        436          0          0

       NAT Outside               0          0          0        202          0

Total                            0     118930        436        202          0

IPv4 CEF output features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

       Post-routing NAT          0          0          0        203          0

Total                            0          0          0        203          0

IPv4 CEF post-encap features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF for us features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF punt features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF local features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

Total                            0          0          0          0          0

router#show interfaces stats

Interface ATM0 is disabled

Dialer1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor        453      83185        482      50551

             Route cache     118945  153143393      80901   43018072

                   Total     119398  153226578      81383   43068623

Ethernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor        462      94555        495      54504

             Route cache     119030  156001324      80701   44657766

                   Total     119492  156095879      81196   44712270

FastEthernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      82711   44899101     119999  155373314

             Route cache          0          0          0          0

                   Total      82711   44899101     119999  155373314

FastEthernet1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet2

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet3

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

NVI0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

Virtual-Access1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor        460      83359        488      50699

             Route cache     119030  153144604      80901   43018072

                   Total     119490  153227963      81389   43068771

Vlan1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor       1235     185441       1052     230049

             Route cache      80905   44306264     118936  154570023

                   Total      82140   44491705     119988  154800072

So as you can see only very few packes get punted to process switcheding when used inside/outside NAT domains.

This out put is from the same router configured with NVI and ip nat enable option:

router#show interfaces stats

Interface ATM0 is disabled

Dialer1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      20446   22834253        204      94710

             Route cache          0          0      16984   12696305

                   Total      20446   22834253      17188   12791015

Ethernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      20455   23325455        217      95913

             Route cache          9        334      16855   12917867

                   Total      20464   23325789      17072   13013780

FastEthernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      17961   13150404      20631   23150582

             Route cache          0          0          0          0

                   Total      17961   13150404      20631   23150582

FastEthernet1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet2

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet3

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

NVI0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

Virtual-Access1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      20453   22834427        210      94858

             Route cache          9        118      16984   12696305

                   Total      20462   22834545      17194   12791163

Vlan1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor        437      67543      20630   23066203

             Route cache      17317   12982730          0          0

                   Total      17754   13050273      20630   23066203

router#sh ip cef  switching statistics feature

IPv4 CEF input features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

       Dialer i/f overr          0          3      20516          0          0

Total                            0          3      20516          0          0

IPv4 CEF output features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

       Post-routing NAT          0          0          0        141          0

Total                            0          0          0        141          0

IPv4 CEF post-encap features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF for us features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF punt features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF local features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

Total                            0          0          0          0          0

router#sh ip interface

ATM0 is administratively down, line protocol is down

  Internet protocol processing disabled

Dialer1 is up, line protocol is up

  Internet address is 111.111.111.111/29

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1492 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is disabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are never sent

  ICMP unreachables are never sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is enabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: Stateful Inspection, Dialer i/f override, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check

  Output features: Post-routing NAT NVI Output, Stateful Inspection, Dialer idle reset, Dialer idle reset

Ethernet0 is up, line protocol is up

  Internet protocol processing disabled

Ethernet0.101 is up, line protocol is up

  Internet protocol processing disabled

FastEthernet0 is up, line protocol is up

  Internet protocol processing disabled

FastEthernet1 is down, line protocol is down

  Internet protocol processing disabled

FastEthernet2 is down, line protocol is down

  Internet protocol processing disabled

FastEthernet3 is down, line protocol is down

  Internet protocol processing disabled

NVI0 is up, line protocol is up

  Interface is unnumbered. Using address of Vlan1 (192.168.101.1)

  Broadcast address is 255.255.255.255

  MTU is 1514 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is disabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is disabled

  IP Null turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: MCI Check

  Output features: Post-routing NAT NVI Output

Virtual-Access1 is up, line protocol is up

  Peer address is 222.222.222.222

  Dialer interface is Dialer1

Vlan1 is up, line protocol is up

  Internet address is 192.168.101.1/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1492 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are never sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly   After IPSec Decryption, MCI Check, TCP Adjust MSS

  Output features: Post-routing NAT NVI Output, Stateful Inspection, TCP Adjust MSS

The above shows that everything gets process switched instead of CEF.

The last output was taken from the router configured with additional interface vlan 10 (all details of that interface can be found in my firs post) with public IP address and then dial1 was borrowing it - ip unnum vlan 10: (this configuration also gives me correct bandwidth speed BUT as long as vlan 10 is down/down!?)

router#show ip int br

Interface                  IP-Address      OK? Method Status                Protocol

ATM0                       unassigned      YES NVRAM  administratively down down

Dialer1                    111.111.111.111   YES TFTP   up                    up

Ethernet0                  unassigned      YES NVRAM  up                    up

Ethernet0.101              unassigned      YES unset  up                    up

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  down                  down

FastEthernet2              unassigned      YES unset  down                  down

FastEthernet3              unassigned      YES unset  down                  down

NVI0                       192.168.101.1   YES unset  up                    up

Virtual-Access1            unassigned      YES unset  up                    up

Vlan1                      192.168.101.1   YES NVRAM  up                    up

Vlan10                     111.111.111.111   YES manual down                  down

router#show interfaces stats

Interface ATM0 is disabled

Dialer1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor         74      20270         82       9678

             Route cache      40220   55420566      23946    8246663

                   Total      40294   55440836      24028    8256341

Ethernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor         83      22542         95      10781

             Route cache      40224   56385994      23911    8768267

                   Total      40307   56408536      24006    8779048

FastEthernet0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor      24890    8885419      40477   56132918

             Route cache          0          0          0          0

                   Total      24890    8885419      40477   56132918

FastEthernet1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet2

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

FastEthernet3

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

NVI0

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

Virtual-Access1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor         81      20442         88       9826

             Route cache      40224   55420618      23946    8246663

                   Total      40305   55441060      24034    8256489

Vlan1

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor        618      96031        142      29306

             Route cache      24063    8664885      40331   55923726

                   Total      24681    8760916      40473   55953032

Vlan10

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

router#show ip cef switching statistics feature

IPv4 CEF input features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

       Dialer i/f overr          0      41110         88          0          0

Total                            0      41110         88          0          0

IPv4 CEF output features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

       Post-routing NAT          0          0          0        251      41240

Total                            0          0          0        251      41240

IPv4 CEF post-encap features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF for us features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF punt features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF local features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

Total                            0          0          0          0          0

Review Cisco Networking for a $25 gift card