We have been facing performance issue on a new setup with NAT and OSPF.
Basically, the two routers in the middle are NATing the private customer subnet with 2 pools of public IP (one on each router). The outbound traffic is loadbalanced between the two routers by OSPF.
For the inbound traffic, we have configured two static routes on the router at the top pointing to each pool.
OSPF adjancency is established between the 3 routers at the bottom and the two routers in the middle, also between the router on the top and the twor routers in the middle.
The design works more or less, there is nat translations and the ospf is established but customers complain about poor performance and also some of them cannot connect. When we disconnect one of the 2 routers in the middle, the problem disappears.
We have not done any special OSPF configuration and I am suspecting this could be the problem.
Any idea are welcome.
if you are doing NATing how the NATed subnet being advertised by OSPF ? are you using static route to advertise the Public subnet via OSPF ?
alos from high level i guess you have routing issue because you mentioned when you disconnect one of the two edge routers the issue get resolved
can you track the route with traceroute and see which path it take in each direction
then check the next hope IP of each route for that route and see if that next hope reachable
and make sure there is no loop introduced in your network especially in the edge routers ( two top routers )
Yes I am using static routes for the inbound traffic.
I will check the routes as you mentionned. But basically, is this a problem if a customer is going out through two different NAT pools or it should work fine?
If i understand correctly from your topology, the top router and two routers in the middle uses public ips with /29 mask.
The 2 routers in the middle and the outside interface on customers routers uses public ips with /29 mask.
If thats true my question is why are you using nat on the middle routers? I think nat should be configured on 3 customer routers and using the public ip configured on their outside interface. As you have only 6 hosts ip addresses with /29 mask five you need for routers interfaces, they will have to configure PAT on the outside interface.
Hope this helps
Because each customer is a subinterface on these routers and there are more than 500 of them. Moreover, that will imply to modify the provisionning script as well. So it was easier to setup the nat on the routers in the middle.