Re: Dual ISP connectivity & speed issues

uptime · ‎12-04-2017

Hi Everyone,

I currently have dual ISPs on a Cisco 1941 IOS v15.2 - 25Mbps Cable (ISP1 typical DS 21-23Mbps US 4-5Mbps) & ADSL (ISP2) with a linked email address connecting at 5Mbps (typical DS 1-2Mbps US <1Mbps). If I connect to the Cable Modem via a standard router I receive 21-23Mbps throughput but if I connect it to the 1941 I can only achieve 5Mbps.

Emails must be sent via ISP2 (ADSL) because mail relay is prohibited by ISP1. All other hosts to connect via the Cable Modem. I used PBR to force the sending of emails (SMTP port 25 traffic) to ISP2 (ADSL) & the rest of the traffic onto ISP1 (Cable). Both the Cable modem (on Gi0/0) & ADSL connection (Dialer1 linked to ATM0/0/0) receive their IP Addresses via DHCP from the ISPs. LAN hosts are connected via int VLAN 100 on a EHWIC.

Apart from the speed issues I think some of the traffic flows are being split across both ISPs or I have some NAT issues because I’m also experiencing intermittent no connectivity issues, excessive ping time, excessive page loading time & partly loaded pages. The Router has the same Static Route Metrics for Dialer1 & Gi0/0 & could also be trying to load balance the connection (which I don’t require). The router has chosen Dialer1 as the candidate default & Gateway of last resort. I have tried the following to resolve the issues:

Thought about setting a higher AD on Dialer1’s static route (so it’s not the preferred route). Unfortunately I can’t work out how to set AD on a static route configured by IPCP on Dialer1 (Static set by command ’ppp ipcp route default’).

Tried removing PBR, NAT & shutting down ATM0/0/0 on ISP2 to try & get ISP1 to connect at full speed (around 21-23Mbps). Caused Dialer1 route to disappear from routing table, fixed connectivity issues, page loading issues & reduced ping time but didn’t fix speed issues.

Noticed Router doesn’t like Set Interface command with PBR to Gi0/0 - ‘%Warning:Use P2P interface for routemap set interface clause’. Read somewhere using it on a multicast interface can cause ARP requests to try to resolve all the IP addresses I'm trying to connect to on the internet.

Other ideas I have are to ask ISP1 (on Gi0/0) for next hop IP Address (or possibly use the one in the current ‘show ip route’ table & use on PBR with ‘set ip next-hop’ command to direct the traffic to the respective ISP rather than sending it to the routers Etheret interface OR delete the static routes & run routing protocols with both ISPs but that sounded a bit extreme.

Not sure if my ACLs are right (referenced same ACLs for both PBR & NAT). When used for PBR if no match normal forwarding should work. Not sure if implicit deny all at bottom will work properly with NAT overload.

Sorry for the long post & thanks for reading.

😊

mahditalebi · ‎12-04-2017

Dear Friend,

Could you add your configuration here ?

uptime · ‎12-04-2017

Hi Mahditalebi,

Here is a cut down of my configuration:

version 15.2

ip cef
no ip dhcp use vrf connected
no ip domain lookup

ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group pppoe
!
crypto pki trustpoint TP-self-signed-xxxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxx
certificate self-signed 01
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
!
spanning-tree portfast bpduguard
username xxxxxx privilege 15 user-maxlinks 2 password xxxxxxxxx
!
redundancy
!
ip tcp synwait-time 5
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description CONNECTION_TO_ISP1_CABLE
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface GigabitEthernet0/1/0
description ACCESS_PORTS
switchport access vlan 100
no ip address
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxxxxxxxxx@xxxx.com
ppp chap password xxxxxxxxxxxxxxxxxx
ppp ipcp route default
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
ip dns server
ip nat inside source static tcp 192.168.2.1 5060 interface GigabitEthernet0/0 5060
! static NAT for VOIP on Gi0/1 details omitted from this config for clarity.
ip nat inside source route-map dynamic-nat-isp1-cable interface GigabitEthernet0/0 overload
ip nat inside source route-map dynamic-nat-isp2-adsl interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list standard PRIVATE-IP-ANY
permit 192.168.1.0 0.0.0.255
!
ip access-list extended SMTP25
permit tcp 192.168.1.0 0.0.0.255 any eq smtp
!
!
route-map dynamic-nat-isp1-cable permit 10
match ip address PRIVATE-IP-ANY
match interface GigabitEthernet0/0
!
route-map PBR permit 10
match ip address SMTP25
set interface Dialer1
!
route-map PBR permit 20
match ip address PRIVATE-IP-ANY
set interface GigabitEthernet0/0
!
route-map dynamic-nat-isp2-adsl permit 10
match ip address SMTP25
match interface Dialer1
!
control-plane

Router#show ip route

Gateway of last resort is 150.101.32.162 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 150.101.32.162
[1/0] via 61.245.144.1
61.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 61.245.144.0/21 is directly connected, GigabitEthernet0/0
L 61.245.150.106/32 is directly connected, GigabitEthernet0/0
118.0.0.0/32 is subnetted, 1 subnets
C 118.211.124.71 is directly connected, Dialer1
150.101.0.0/32 is subnetted, 1 subnets
C 150.101.32.162 is directly connected, Dialer1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan100
L 192.168.1.254/32 is directly connected, Vlan100

mahditalebi · ‎12-05-2017

Dear Uptime,

You need to apply your configured route-map to your internal interface as bellow:

interface Vlan100
  ip policy route-map PBR

HTH

Mahdi

uptime · ‎12-05-2017

Hi Mahditalebi,

Thanks for that, good spot.

I removed the command when I removed NAT, PBR & shutdown ATM0/0/0 & I have forgotten to apply it to the interface again. I have put it back on & brought ATM0/0/0 back up. Still having issues with selecting the right ISP which I think is still due to the Router trying too send the traffic out via ISP2 (ADSL) due to it being the candidate default even with a PBR applied. With both ISPs reachable I'm back to extended ping times & speedtest results of DS-1.81Mbps & US-4.7Mbps. Done some more reading & I might be having issues with Asymmetric Routing but it doesn't explain why when I remove PBR globally & NAT on ISP2 & shutdown ATM0/0/0 I can't achieve a DS throughput of 21-23Mpbs on ISP1. I have also checked int Gi0/0 & I don't have any input or CRC errors, it's running clean. I think I need to find a way to change the AD on the IPCP configured route so Dialer1 will no longer be the candidate default route.

Thanks once again.

mahditalebi · ‎12-05-2017

Check the following configuration:

no ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

HTH

Mahdi

uptime · ‎12-05-2017

Hi Mahdi,

I have made the changes to the static routes; I might need to select a gateway as per router response.

Dialer1 is still listed as the candidate default even though an AD was set on Dialer1.

Maybe I can use the 'ip default-network' command a couple of times to try & force Gi0/0 to be the candidate default. There is a Cisco configuring a gateway tech note here.

1941#conf t

Enter configuration commands, one per line. End with CNTL/Z.

1941(config)#no ip route 0.0.0.0 0.0.0.0 dhcp

1941(config)#ip route 0.0.0.0 0.0.0.0 gi0/0

%Default route without gateway, if not a point-to-point interface, may impact performance

1941(config)#ip route 0.0.0.0 0.0.0.0 Dialer1 10

1941(config)#int atm0/0/0

1941(config-if)#no shut

1941(config-if)#

1941#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is 150.101.32.137 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 150.101.32.137

is directly connected, GigabitEthernet0/0

61.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 61.245.144.0/21 is directly connected, GigabitEthernet0/0

L 61.245.150.106/32 is directly connected, GigabitEthernet0/0

124.0.0.0/32 is subnetted, 1 subnets

C 124.169.211.11 is directly connected, Dialer1

150.101.0.0/32 is subnetted, 1 subnets

C 150.101.32.137 is directly connected, Dialer1

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Vlan100

L 192.168.1.254/32 is directly connected, Vlan100

1941#

mahditalebi · ‎12-05-2017

Instead of using ip default-network command, Try "clear ip route" command. Because you have a PBR on your Internal interface, your received traffic will not be decided by static route and it will work according to your route-map rules. The only work that static route does for you is that it tells the router that is possible to send traffic for other networks on this interface.

uptime · ‎12-06-2017

I cleared the routing table but it didn't change the contents.

1941#clear ip route *
1941#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 150.101.32.137 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 150.101.32.137
is directly connected, GigabitEthernet0/0
61.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 61.245.144.0/21 is directly connected, GigabitEthernet0/0
L 61.245.150.106/32 is directly connected, GigabitEthernet0/0
124.0.0.0/32 is subnetted, 1 subnets
C 124.169.211.11 is directly connected, Dialer1
150.101.0.0/32 is subnetted, 1 subnets
C 150.101.32.137 is directly connected, Dialer1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan100
L 192.168.1.254/32 is directly connected, Vlan100

1941#clear ip route 150.101.32.137
1941#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 150.101.32.137 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 150.101.32.137
is directly connected, GigabitEthernet0/0
61.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 61.245.144.0/21 is directly connected, GigabitEthernet0/0
L 61.245.150.106/32 is directly connected, GigabitEthernet0/0
124.0.0.0/32 is subnetted, 1 subnets
C 124.169.211.11 is directly connected, Dialer1
150.101.0.0/32 is subnetted, 1 subnets
C 150.101.32.137 is directly connected, Dialer1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan100

uptime · ‎12-10-2017

I resolved the speed issues. I previously specified the speed & duplex on my distribution switch as 100/full as that's all my adsl router could handle & I didn't want to chance auto neg failing. I used the same switch port to plug into the new router that was configured with auto neg enabled. The results were the switch was 100/full as expected but the router came back configured as 100/half duplex. The switch also had several CRC & input errors. Resolved the miss-match & the speed is now 21-23Mbps as expected.

I changed the default candidate from Dialer1 to Gi0/0 by using the 'ip-default network' command and specifying an ip address that was in the routing table for Gi0/0. I should probably contact my ISP to find out what it should actually be. I'm also getting the occasional looping packet syslog message which will require further investigation, but at this stage I'm connected.

1941#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 61.245.144.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 61.245.144.1
61.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S 61.0.0.0/8 [1/0] via 61.245.150.106
C 61.245.144.0/21 is directly connected, GigabitEthernet0/0
L 61.245.150.106/32 is directly connected, GigabitEthernet0/0
118.0.0.0/32 is subnetted, 1 subnets
C 118.210.128.233 is directly connected, Dialer1
150.101.0.0/32 is subnetted, 1 subnets
C 150.101.32.137 is directly connected, Dialer1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan100
L 192.168.1.254/32 is directly connected, Vlan100