10-20-2021 08:44 PM
Hi All,
Following the Cisco Config guide (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-cgn.html) for ASR1001-X, I have configured Dynamic Port Address CGN and it is operational. The following are the details:
CGN IP Pool = 30 Addresses from a /27 Subnet
Internal IP Range = 100.64.0.0/24
Currently have one test subject circuit operating. Subject IP is translating and full Internet Access is available. However the loading of webpage content is extraordinarily slow compared to when same subject connects with static public IP.
According to operating parameters, the ASR would be considered under light loads for both Memory and Processor.
Has anyone experienced similar and is there a known resolution?
This ASR was specifically implemented to utilise its CGN capabilities, but not as it is performing.
Hoping someone has an answer.
Thanks
Craig
10-20-2021 11:44 PM
high level looks for me MTU issue, what was the MTU configured.
Try below : ( need to adjust based on the
tcp mss-adjust 1452 and ip mtu 1492
here is MTU testing can be done to arrive above numbers:
https://networklessons.com/cisco/ccie-routing-switching/pppoe-mtu-troubleshooting-cisco-ios
10-21-2021 12:02 AM
Hello,
post the full running config of your ASR, as well as the output of:
sh intefaces x
where 'x' is the outgoing interface...
10-25-2021 04:23 AM
01-23-2022 02:49 PM
Hi Georg,
Apologies for leaving this subject for several months. Further to the running config I posted in October, I realised I did not provide the sh int ouput for our Outgoing interfaces. Please see below:
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is BUILT-IN-2T+6X1GE, address is a03d.6e0c.7c82 (bia a03d.6e0c.7c82)
Description: IP Transit 1
Internet address is 49.255.130.82/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 38/255, rxload 135/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is LX
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/1047432/1560116 (size/max/drops/flushes); Total output drops: 4
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 52989000 bits/sec, 5746 packets/sec
5 minute output rate 15285000 bits/sec, 4164 packets/sec
127833435430 packets input, 139799066297835 bytes, 0 no buffer
Received 2 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 164279 multicast, 0 pause input
57273482128 packets output, 21337496248078 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions
and
GigabitEthernet0/0/5 is up, line protocol is up
Hardware is BUILT-IN-2T+6X1GE, address is a03d.6e0c.7c87 (bia a03d.6e0c.7c87)
Description: Telstra IP Transit
Internet address is 110.145.234.50/30
MTU 1500 bytes, BW 200000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 2/255, rxload 33/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is LX
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:16, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/655/18 (size/max/drops/flushes); Total output drops: 8436
Queueing strategy: Class-based queueing
Output queue: 0/40 (size/max)
5 minute input rate 26197000 bits/sec, 2671 packets/sec
5 minute output rate 2068000 bits/sec, 596 packets/sec
31672344832 packets input, 35724369399060 bytes, 0 no buffer
Received 1562 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
71626595672 packets output, 29513574049409 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
Currently our 'user' services employ public DNS servers.
Appreciate any direction/advice you can provide
01-24-2022 02:47 AM
may be too old post to go back and review : ( what is other side connected ?)
You see many drops here :
input queue: 0/375/1047432/1560116 (size/max/drops/flushes); Total output drops: 4
check some troubleshooting tip :
https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/6343-queue-drops.html
10-21-2021 12:24 AM
Hello
Where are the WEB/DNS servers located you are trying to use/access are they (internal/external) to those nat domains.
01-31-2023 05:36 PM
Hi Paul,
Thanks for your question. This project has been on the backburner for quite a while. Currently using external/public DNS.
Thanks
01-31-2023 08:36 AM
Hello, have you found the solution? I have the same problems too? Only help is clear ip nat translations *
01-31-2023 05:40 PM
Hi,
That is certainly not something you want to be doing all the time. No solution as yet, although I have made some changes to our network recently and plan to test the CGNAT again soon. BTW, I answered Paul's post above - we are using external public DNS.
Cheers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide