Re: VDSL 867VAE web page delay / time out

twhittle1 · ‎04-12-2018

Hi All,

I've got an issue on which I'm running out of ideas. Can anyone offer me any advice / point me in the right direction?

I have recently switched broadband providers. I have a VDSL service from talktalk business (prev talk talk consumer) and I have an 867VAE as my internet facing router.

I have it connected and configured and the internet connection is working, mostly... Weird little things keep happening which is making the connection unusable:

certain pages take a long time to load, often the first time I go to a new page. The browser just loads and load, not getting anywhere, after a while it'll kick in
when I run an ookla internet speed test the download test works fine but the upload test doesn't work, saying "UPLOAD TEST ERROR - A socket error occurred during the Upload test. A firewall could be blocking the connection or the server might be having some issues. Please try again later. ". Weirdly some other internet speed tests work, for example the native one in chrome.
certain mobile apps stop functioning properly. for example if I go to ebay and search for something it does the same thing as web pages, it gets stuck on loading but never returns any results.

I am fairly sure it's a router configuration problem rather than the line or the network. The reason for this is when I connect the talktalk supplied router I don't get these issues. And nothing else is changing. Same switches, firewalls, wireless etc in between. And it happens across the whole network, as well as if I plug in directly to one of the router Fast Ethernet ports and get a DHCP address from the local scope.

I've tried 3 different software IOS versions so I don't believe this is the issue.

I thought I'd mirrored the configuration on the talktalk router but I must be missing something.

Has anyone seen anything like this before?

Any tips, tricks or ideas?

Many Thanks,

Tom

Francesco Molino · ‎04-12-2018

Hi

Can you share your config?

When you try to access a webpage, can you try in parallels to ping it and do a traceroute and paste outputs of these? Do these 2 commands using ip addresses and dns babes.

If ping and traceroute works fine using IP but not webpages using names, can you check your dns servers?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

twhittle1 · ‎04-13-2018

Hi,

Many Thanks for your response. Pings and traceroutes seem to still go through. I've set a continuous ping going and browsed the web pages and the pings continuously go through but the web pages still go through. There is no notable change in latency. It hovers between 9 and 11ms.

Not sure if it helps but here but attached is the config FYI and also the show vdsl controller 0 output.

I keep tweaking little settings and so far I've not seen any difference.

Any ideas you have would be great.

Many Thanks,

Tom

twhittle1 · ‎04-13-2018

Sorry config didn't upload previously, now attached.

The DNS servers I'm trying to use are googles - 8.8.8.8 8.8.4.4.

Thanks,

Tom

Georg Pauwen · ‎04-13-2018

Hello,

try differnt MTU/TCP adjust sizes:

interface Dialer0
ip mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname xxxx@yyy.com
ppp chap password 0 xxxxxxxxx

twhittle1 · ‎04-13-2018

Hi,

Thanks for the suggestion.

I've made the changes and seemingly no affect :(

there's a couple of mtu settings and I changed them both:

mtu 1460

ip mtu 1460

is there any difference between these?

I assume i don't need to reload the router or anything? I did shut / no shut the dialer interface but no effect.

Thanks,

Tom

Georg Pauwen · ‎04-13-2018

Hello,

looking at your routing, do you actually need the RIP ?

Either way, try and simplify your NAT and configure:

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 permit 172.16.32.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255

or

ip nat inside source route-map TO_ISP interface Dialer0 overload

!

route-map TO_ISP permit 10
match ip address 1
match interface Dialer0

Francesco Molino · ‎04-13-2018

Can you share show ip route output please?

If I got you well, doing pings work well but accessing webpage not, am i right?
Have you tried pinging using dns name?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

twhittle1 · ‎04-13-2018

Hi,

Thanks, here is the show ip route:

C867VAE#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Dialer0
S 10.0.0.0/8 [1/0] via 172.16.32.2
62.0.0.0/32 is subnetted, 1 subnets
C y.y.y.y is directly connected, Dialer0 some other IP from ISP
92.0.0.0/32 is subnetted, 1 subnets
C x.x.x.x is directly connected, Dialer0 (my static ip)
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
S 172.16.0.0/16 [1/0] via 172.16.32.2
C 172.16.32.0/24 is directly connected, Vlan32
L 172.16.32.1/32 is directly connected, Vlan32

Would it be because I've got 2 IP addresses on my dialer interface?

Regards,

Tom

Francesco Molino · ‎04-13-2018

Why do you have 2 IPs on your dialer interface?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

twhittle1 · ‎04-16-2018

Hi,

Thanks for the below response. I don't know lol. I wasn't sure on that myself but that's what appeared when I enter the "ip address negotiated" command.

Is this quite unusual? Have you ever come across is before?

The other thign that threw me is that both of the addresses are /32. The smallest mask I've ever used is the /30. Is a /32 normal?

Many Thanks,

Tom

Georg Pauwen · ‎04-13-2018

Hello Tom,

I have simplified the config (important parts in bold), see if you get it to work this way:

version 15.7
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C867VAE
!
boot-start-marker
boot system flash:c860vae-advsecurityk9-mz.157-3.M2.bin
boot-end-marker
!
!
enable secret xxxxxxxxx
!
aaa new-model
!
aaa session-id common
wan mode dsl

!
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 172.16.32.1
!
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8 8.8.4.4
lease 3
!
ip dhcp pool VLAN32
network 172.16.32.0 255.255.255.0
default-router 172.16.32.1
dns-server 8.8.8.8 8.8.4.4
lease 3
!
ip domain name tomnet.local
ip name-server 79.79.79.77
ip cef
no ipv6 cef
!
vtp domain tomnet.local
vtp mode transparent
username user secret 4 xxxxxxx
!
controller VDSL 0
operating mode vdsl2
sra
!
vlan 10
name HOUSE-OPEN
!
vlan 32
name HOUSE-ASA-OUTSIDE
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
description VDSL
no ip address
no cdp enable
!
interface Ethernet0.101
encapsulation dot1Q 101
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
no cdp enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description ACCESS-VLAN10
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet1
description ACCESS-VLAN10
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet2
description ACCESS-VLAN10
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet3
description CONN-ASA5505
switchport access vlan 32
no ip address
!
interface GigabitEthernet0
description CONN-C3560C
switchport access vlan 310
no ip address
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
description HOUSE-OPEN
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan32
description CONN HOUSE ASA OUTSIDE
ip address 172.16.32.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname xxxx@yyy.com
ppp chap password 0 xxxxxxxxx
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended ACL-BLOCK-SSH
deny tcp any any eq telnet
deny tcp any any eq 22
permit ip any any
!
access-list 1 permit 172.16.0.0
access-list 1 permit 192.168.10.0
!
dialer-list 1 protocol ip permit
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password password
logging synchronous
transport preferred ssh
transport input ssh
!
scheduler allocate 60000 1000
ntp server 1.uk.pool.ntp.org
ntp server 0.uk.pool.ntp.org
!
end

twhittle1 · ‎04-13-2018

Hi Georg,

Many Thanks for the below.

I've left in some of the config because I've got the 10.0.0.0 /8 network further downstream. See attached topology.

I'm fairly sure it's not a routing issue (although I'm open to any suggestions :) ) because when I swap out the 867VAE for the talktalk supplied router it all works fine.

I've added in the lease to the DHCP pool and the DHCP excluded address and sadly no joy :(

I would have assumed it was an ISP issue but the router they provided me works :(

Thanks,

Tom

twhittle1 · ‎04-13-2018

Sorry I missed the picture

regards,

Tom

twhittle1 · ‎04-13-2018

I do have a number of interface resets and unknown protocol drops, and output drops could this be it?

Ethernet0 is up, line protocol is up
Hardware is BCM vdsl Ethernet, address is d48c.b524.11c6 (bia d48c.b524.11c6)
Description: VDSL
MTU 1500 bytes, BW 19999 Kbit/sec, DLY 500 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/150/0/0 (size/max/drops/flushes); Total output drops: 393
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 32000 bits/sec, 3 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
2977497 packets input, 3965796160 bytes, 0 no buffer
Received 9726 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
1017465 packets output, 139678122 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
9718 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Thanks for all your help so far everyone!

Regards,

Tom