05-11-2020 01:49 AM
Hi everybody, I have a problem with my NAT configuration. I think it is my mistake but I can't find the trouble. Can someone help me?
My network:
Cisco 2801 (with 2 hwic-4esw and 1 WIC-1ADSL)
FastEthernet0/0 -> Dialer2 (PPPoE Fixed IP) - 15mbps
FastEthernet0/1 -> Dhcp (4mbps)
interface ATM0/2/0 -> Dialer1 (Adsl PPPoE DHCP) 8mbps
Vlan10 = Lan
With only one WAN connection online everything works fine (web browsing OK, ADSL online test perfect, game playing ping around 30 50, no packet loss if I ping google.com). When I manually connect a second WAN, the problems come up: too much packet loss, and it's impossible to do an online ADSL test. Normal web browsing slows down, and it's impossible to play games online; the ping is too high.
My Config:
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname unircgw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
clock timezone CET 1 0
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
!
no ip cef
ip domain name unirc.eu
ip name-server 172.16.10.2
ip name-server 172.16.20.2
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
vpdn enable
!
!
!
!
!
voice-card 0
!
license udi pid CISCO2801 sn FCZ104214TB
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 ip sla 3 reachability
!
!
interface FastEthernet0/0
description ### WaDSL Ethernet Link ###
ip address 192.168.10.254 255.255.255.0
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface FastEthernet0/1
description ### DHCP Internet DHCP ###
ip dhcp client route track 3
ip address dhcp
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface ATM0/2/0
description ### aDSL ATM Link ###
no ip address
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0/1/0
switchport access vlan 10
no ip address
!
interface FastEthernet0/1/1
switchport access vlan 10
no ip address
!
interface FastEthernet0/1/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/1/3
switchport access vlan 10
switchport stacking-partner interface FastEthernet0/3/0
no ip address
!
interface FastEthernet0/3/0
switchport access vlan 10
switchport stacking-partner interface FastEthernet0/1/3
no ip address
!
interface FastEthernet0/3/1
switchport access vlan 10
no ip address
!
interface FastEthernet0/3/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3/3
switchport access vlan 10
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 172.16.10.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
no ip address
ip virtual-reassembly in
!
interface Dialer1
description ### aDSL PPPoE Dialer Interface ###
ip dhcp client route track 1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication chap pap callin
ppp chap hostname jsmith@verizon.net
ppp chap password 0 Cisco$123
ppp pap sent-username jsmith@verizon.net password 0 Cisco$123
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface Dialer2
description ### WaDSL PPPoE Dialer Interface ###
ip dhcp client route track 2
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 64
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname w0054424@wadsl.it
ppp chap password 0 XXXXXXX
ppp pap sent-username XXXXXX@wadsl.it password 0 XXXXX
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
no ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map nat-adsl interface Dialer1 overload
ip nat inside source route-map nat-dhcp interface FastEthernet0/1 overload
ip nat inside source route-map nat-wadsl interface Dialer2 overload
!
!
ip nat inside source static tcp 172.16.10.10 80 195.32.87.115 80 extendable
!
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 172.16.20.0 255.255.255.0 172.16.10.254 250
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 dhcp track 3
!
ip sla 1
icmp-echo 88.149.202.248 source-interface Dialer1
threshold 1000
timeout 1000
frequency 10
ip sla schedule 1 life forever start-time now
!
!
ip sla 2
icmp-echo 172.31.19.1 source-interface Dialer2
threshold 1000
timeout 1000
frequency 10
ip sla schedule 2 life forever start-time now
!
!
ip sla 3
icmp-echo 192.168.1.1 source-interface FastEthernet0/1
threshold 1000
timeout 1000
frequency 10
ip sla schedule 3 life forever start-time now
!
!
access-list 110 permit ip 172.16.10.0 0.0.0.255 any
access-list 110 permit ip 172.16.20.0 0.0.0.255 any
!
!
!
!
route-map nat-wadsl permit 10
match ip address 110
match interface Dialer2
!
route-map nat-dhcp permit 10
match ip address 110
match interface FastEthernet0/1
!
route-map nat-adsl permit 10
match ip address 110
match interface Dialer1
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
login local
transport preferred ssh
transport input ssh
!
scheduler allocate 20000 1000
ntp server 193.204.114.105
ntp update-calendar
end
---------------------
05-11-2020 02:08 AM
Hello
@victor.giusti wrote:
With only one WAN connection online everything works fine (web browsing OK, ADSL online test perfect, game playing ping around 30 50, no packet loss if I ping google.com). When I manually connect a second WAN, the problems come up: too much packet loss, and it's impossible to do an online ADSL test. Normal web browsing slows down, and it's impossible to play games online; the ping is too high.
When you say manually, can you elaborate on what you are doing here? Is the primary WAN interface still active at this point?
05-11-2020 03:31 AM - edited 05-11-2020 03:32 AM
Yes. When I physically plug/unplug the RJ-45 on FastEthernet 0/1 and the RJ-11 in the ATM interface. I tried different combinations and the result is the same. With only one WAN connection everything works. I think the problem is in the NAT config.
Regards
05-11-2020 04:05 AM - edited 05-11-2020 05:31 AM
Hello
It isn’t your NAT (well, apart from the static PAT statement), it’s mainly your ip sla tracking. You need to provide a more deterministic failover with your static routing, as at present the rtr doesn’t have any preference with the administrative distances for the static routes; they are all the same value = 1.
However, you may then need to make sure the IP addresses being polled by the ip sla are not reachable from the other WAN interfaces, which could be done by null interfaces with alternative admin distances, but for the time being try the following.
Example:
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2 2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 dhcp track 3 3
interface FastEthernet0/1
no ip dhcp client route track 3 <-- not required as you have defined static routes
interface Dialer1
no ip dhcp client route track 1
interface Dialer2
no ip dhcp client route track 2
05-11-2020 09:52 AM
Hi, thanks
I modified my config with the sample, and it works better (less packet loss, I can do a speedtest),
but I don't have any idea how to provide a more deterministic failover.
At the moment the console shows this:
*May 11 16:37:27.120: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*May 11 16:37:37.120: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*May 11 16:37:47.119: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*May 11 16:37:57.119: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
I think this is because on sla 1 I ping an internet host, ping.ngi.it:
ip sla 1
icmp-echo 88.149.202.248 source-interface Dialer1 <-- here I have no idea how to ping the default gw because it changes every time
threshold 1000
timeout 1000
frequency 10
ip sla schedule 1 life forever start-time now
!
!
ip sla 2
icmp-echo 172.31.19.1 source-interface Dialer2 <-- I ping the default gw, I know the addr (fixed IP)
threshold 1000
timeout 1000
frequency 10
ip sla schedule 2 life forever start-time now
!
!
ip sla 3
icmp-echo 192.168.1.1 source-interface FastEthernet0/1 <-- ok the default gw
threshold 1000
timeout 1000
frequency 10
ip sla schedule 3 life forever start-time now
05-11-2020 02:12 PM
I tried to play online, still the same: high ping rates and too many packets lost. The only way to play is using one WAN at a time.
I changed the ip sla 1 to:
ip sla 1
icmp-echo 151.6.164.11 source-interface Dialer1
151.6.164.11 is the actual gw and seems to work fine.
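Added example (not part of any post in this thread): a Python check for the two symptoms discussed above, static default routes that share one administrative distance and a track object that keeps changing state. The function names, the flap threshold (3 changes within 60 s) and the year used to parse the timestamps are assumptions; the route and console lines are the ones posted in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Route lines as posted in the thread's original config.
ROUTES = """\
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 172.16.20.0 255.255.255.0 172.16.10.254 250
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 dhcp track 3
"""
# Console lines as posted in the follow-up.
LOG = """\
*May 11 16:37:27.120: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*May 11 16:37:37.120: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*May 11 16:37:47.119: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*May 11 16:37:57.119: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
"""
LOG_RE = re.compile(r"\*(\w+ +\d+ [\d:.]+): %TRACKING-5-STATE: (\d+) .* \w+->\w+")

def default_routes(config):
    """Map administrative distance -> exits of the static default routes."""
    by_distance = defaultdict(list)
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"] or len(tok) < 5:
            continue
        rest = tok[5:]
        for kw in ("track", "tag", "name"):  # drop keyword/value pairs so their
            if kw in rest:                   # numbers are not read as a distance
                i = rest.index(kw)
                del rest[i:i + 2]
        nums = [int(t) for t in rest if t.isdigit()]
        by_distance[nums[0] if nums else 1].append(tok[4])  # no number: distance 1
    return dict(by_distance)

def equal_distance_exits(config):
    """Distances shared by more than one default route (no preferred WAN)."""
    return {d: e for d, e in default_routes(config).items() if len(e) > 1}

def flapping_tracks(log, min_changes=3, window_s=60, year=2020):
    """Track objects that change state min_changes times within window_s."""
    seen = defaultdict(list)
    for m in LOG_RE.finditer(log):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
        seen[int(m.group(2))].append(ts)
    return [obj for obj, ts in sorted(seen.items())
            if any((ts[i + min_changes - 1] - ts[i]).total_seconds() <= window_s
                   for i in range(len(ts) - min_changes + 1))]

if __name__ == "__main__":
    print(equal_distance_exits(ROUTES), flapping_tracks(LOG))
```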