We have been trying to implement NAT box 2 box between two 3925 routers.
We have successfully configured it, but because of the asymmetric routing configured on the WAN interface
there is a problem that the input queue of the WAN interface gets filled in the standby router. After upgrading the router this has stopped, but we also upgraded the primary router and now the input queue of the WAN interface in the primary router gets filled.
The config is as shown below:
control GigabitEthernet0/2.1 protocol 1
asymmetric-routing interface GigabitEthernet0/2.3
asymmetric-routing always-divert enable
timers hellotime msec 500 holdtime msec 2000
description ***** LAN *****
ip address x.x.x.x 255.255.255.252 secondary
ip address x.x.x.x 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip policy route-map bc
redundancy rii 100
redundancy group 1 ip x.x.x.1 exclusive decrement 100
description ***** INTERNET-WAN ******
encapsulation dot1Q xxxx
ip address x.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly in
redundancy rii 101
redundancy asymmetric-routing enable
description "RG Control Interface"
encapsulation dot1Q 21
ip address 172.17.17.1 255.255.255.252
description "RG Data Interface"
encapsulation dot1Q 22
ip address 172.17.17.5 255.255.255.252
description "RG Asym_routing Inteface"
encapsulation dot1Q 23
ip address 172.17.17.9 255.255.255.252
ip nat inside source list NAT-POOL-IN pool NAT-POOL-OUT redundancy 1 mapping-id 120 overload
Any help would be appreciated.
Could you move the WAN interface onto a dedicated physical interface? Then it would have a full set of buffers dedicated to it, and the redundancy group traffic would be separated from it.
It sounds a bit like the routers are under more load than they can handle. What sort of CPU load are you running at?
The WAN interface is a dedicated interface mainly for the ISP, but the issue is that the ISP requires this setup, hence we need to make a sub-interface.
The load on the CPU doesn't cross 60% as far as I saw it.
This was noticed with IOS 15.4(3)-M2/IOS 15.4(3)-M3 on the standby router, and the active router was having no issues at all.
Once we upgraded both routers to 15.4(3)-M4, the standby router's input queue has become more stable than before, but the active router's queue gets filled up so fast that even after increasing the queue size to 24000 it got filled to 2000 within 10 mins.
So to be clear, the issue did not exist before the IOS upgrade to 15.4(3)M4? If so, then it has to be an IOS issue.
That is a gold star release and usually pretty good. I suspect you might need to downgrade unless there was a compelling reason to upgrade.