Very Slow webpage loading - Dynamic Port Address Carrier Grade NAT

claurie
Level 1

Hi All,

Following the Cisco Config guide (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-cgn.html) for ASR1001-X, I have configured Dynamic Port Address CGN and it is operational. The following are the details:

CGN IP Pool = 30 Addresses from a /27 Subnet

Internal IP Range = 100.64.0.0/24

 

Currently have one test subject circuit operating. Subject IP is translating and full Internet Access is available. However the loading of webpage content is extraordinarily slow compared to when same subject connects with static public IP.

 

According to operating parameters, the ASR would be considered under light loads for both Memory and Processor.

Has anyone experienced similar and is there a known resolution?

 

This ASR was specifically implemented to utilise its CGN capabilities, but not as it is performing.

 

Hoping someone has an answer.

Thanks

Craig

balaji.bandi
Hall of Fame

At a high level this looks to me like an MTU issue. What MTU was configured?

Try below ( need to adjust based on the 

tcp mss-adjust 1452 and ip mtu 1492

Here is how MTU testing can be done to arrive at the above numbers:

https://networklessons.com/cisco/ccie-routing-switching/pppoe-mtu-troubleshooting-cisco-ios

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

Post the full running config of your ASR, as well as the output of:

sh interfaces x

where 'x' is the outgoing interface...

Router#sh run
Building configuration...

Current configuration : 32471 bytes
!
! Last configuration change at 13:27:54 AEDT Wed Oct 20 2021
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 10000000
!
hostname Router
!
boot-start-marker
boot system flash asr1001x-universalk9.16.09.05.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$77um$WIAsz8lcusgPs4zIiye4i1
enable password 7 0203085A1F030B23434F1D48554743
!
!
transport-map type persistent webui https-webui
server
secure-server
!
no aaa new-model
clock timezone AEDT 11 0
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
no ip source-route
ip options drop
!
!
!
!
!
!
ip nbar http-services
!
!
!
no ip domain lookup
ip dhcp relay information trust-all
ip dhcp excluded-address 103.102.223.237
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-34273833
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-34273833
revocation-check none
rsakeypair TP-self-signed-34273833
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-34273833
certificate self-signed 01
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
quit
!
license udi pid ASR1001-X
license accept end user agreement
license boot level adventerprise
no license smart enable
!
spanning-tree extend system-id
diagnostic bootup level minimal
!
!
!
username admin privilege 15 password 7 05080F1C2243
!
redundancy
mode none
!
!
!
!
!
!
!
class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-DSCP
match dscp af41
class-map match-all WEBUI-BROADCAST_VIDEO-NBAR
match protocol attribute traffic-class broadcast-video
match protocol attribute business-relevance business-relevant
match protocol rtp-video
class-map match-all WEBUI-VOICE-NBAR
match protocol attribute traffic-class voip-telephony
match protocol attribute business-relevance business-relevant
match protocol rtp-audio
class-map match-all VOIP-OFFICE-IN
match access-group 100
class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-NBAR_NBN
match protocol attribute traffic-class multimedia-conferencing
class-map match-all WEBUI-NETWORK_CONTROL-NBAR_NBN
match protocol attribute traffic-class network-control
class-map match-all WEBUI-BULK_DATA-NBAR
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-SIGNALING-NBAR
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-NETWORK_CONTROL-DSCP
match dscp cs6
class-map match-all WEBUI-SCAVENGER-NBAR
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-SIGNALING-NBAR_NBN
match protocol attribute traffic-class signaling
class-map match-all WEBUI-BULK_DATA-NBAR_NBN
match protocol attribute traffic-class bulk-data
class-map match-all WEBUI-SCAVENGER-DSCP
match dscp cs1
class-map match-all WEBUI-NETWORK_CONTROL-NBAR
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-SIGNALING-DSCP
match dscp cs3
class-map match-all WEBUI-BROADCAST_VIDEO-DSCP
match dscp cs5
class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class multimedia-conferencing
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-VOICE-DSCP
match dscp ef
class-map match-all WEBUI-NETWORK_MANAGEMENT-NBAR
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-MULTIMEDIA_STREAMING-DSCP
match dscp af31
class-map match-all WEBUI-TRANSACTIONAL_DATA-NBAR_NBN
match protocol attribute traffic-class transactional-data
class-map match-all WEBUI-REALTIME_INTERACTIVE-NBAR
match protocol attribute traffic-class real-time-interactive
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-TRANSACTIONAL_DATA-DSCP
match dscp af21
class-map match-all WEBUI-REALTIME_INTERACTIVE-DSCP
match dscp cs4
class-map match-all WEBUI-TRANSACTIONAL_DATA-NBAR
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-REALTIME_INTERACTIVE-NBAR_NBN
match protocol attribute traffic-class real-time-interactive
class-map match-all WEBUI-NETWORK_MANAGEMENT-DSCP
match dscp cs2
class-map match-all WEBUI-NETWORK_MANAGEMENT-NBAR_NBN
match protocol attribute traffic-class ops-admin-mgmt
class-map match-all WEBUI-MULTIMEDIA_STREAMING-NBAR
match protocol attribute traffic-class multimedia-streaming
class-map match-all WEBUI-BULK-DATA-DSCP
match dscp af11
class-map match-any WEBUI-MULTIMEDIA_STREAMING_NBN
match protocol attribute traffic-class multimedia-streaming
match protocol rtsp
!
policy-map VOIP-POLICY-IN
class VOIP-OFFICE-IN
set dscp ef
class class-default
set dscp default
policy-map WEBUI-MARKING-IN
class WEBUI-VOICE-NBAR
set dscp ef
class WEBUI-BROADCAST_VIDEO-NBAR
set dscp cs5
class WEBUI-REALTIME_INTERACTIVE-NBAR
set dscp cs4
class WEBUI-MULTIMEDIA_CONFERENCING-NBAR
set dscp af41
class WEBUI-MULTIMEDIA_STREAMING-NBAR
set dscp af31
class WEBUI-SIGNALING-NBAR
set dscp cs3
class WEBUI-NETWORK_CONTROL-NBAR
set dscp cs6
class WEBUI-NETWORK_MANAGEMENT-NBAR
set dscp cs2
class WEBUI-TRANSACTIONAL_DATA-NBAR
set dscp af21
class WEBUI-BULK_DATA-NBAR
set dscp af11
class WEBUI-SCAVENGER-NBAR
set dscp cs1
class class-default
set dscp default
policy-map WEBUI-QUEUING-OUT-CL
class WEBUI-VOICE-DSCP
priority percent 10
class WEBUI-BROADCAST_VIDEO-DSCP
priority percent 5
class WEBUI-REALTIME_INTERACTIVE-DSCP
priority percent 10
class WEBUI-MULTIMEDIA_CONFERENCING-DSCP
priority percent 15
class WEBUI-NETWORK_CONTROL-DSCP
bandwidth percent 2
class WEBUI-SIGNALING-DSCP
bandwidth percent 2
class WEBUI-NETWORK_MANAGEMENT-DSCP
bandwidth percent 3
class WEBUI-TRANSACTIONAL_DATA-DSCP
bandwidth percent 10
fair-queue
random-detect dscp-based
class WEBUI-BULK-DATA-DSCP
bandwidth percent 4
fair-queue
random-detect dscp-based
class WEBUI-SCAVENGER-DSCP
bandwidth percent 1
class WEBUI-MULTIMEDIA_STREAMING-DSCP
priority percent 15
class class-default
bandwidth percent 23
policy-map WEBUI-QUEUING-OUT
class WEBUI-VOICE-DSCP
priority percent 10
class WEBUI-BROADCAST_VIDEO-DSCP
priority percent 10
class WEBUI-REALTIME_INTERACTIVE-DSCP
priority percent 13
class WEBUI-NETWORK_CONTROL-DSCP
bandwidth percent 2
class WEBUI-SIGNALING-DSCP
bandwidth percent 2
class WEBUI-NETWORK_MANAGEMENT-DSCP
bandwidth percent 3
class WEBUI-MULTIMEDIA_CONFERENCING-DSCP
bandwidth percent 10
fair-queue
random-detect dscp-based
class WEBUI-MULTIMEDIA_STREAMING-DSCP
bandwidth percent 10
fair-queue
random-detect dscp-based
class WEBUI-TRANSACTIONAL_DATA-DSCP
bandwidth percent 10
fair-queue
random-detect dscp-based
class WEBUI-BULK-DATA-DSCP
bandwidth percent 4
fair-queue
random-detect dscp-based
class WEBUI-SCAVENGER-DSCP
bandwidth percent 1
class class-default
bandwidth percent 25
fair-queue
random-detect dscp-based
policy-map WEBUI-MARKING-IN-CL
class WEBUI-VOICE-NBAR
set dscp ef
class WEBUI-BROADCAST_VIDEO-NBAR
set dscp cs5
class WEBUI-REALTIME_INTERACTIVE-NBAR_NBN
set dscp cs4
class WEBUI-MULTIMEDIA_CONFERENCING-NBAR_NBN
set dscp af41
class WEBUI-SIGNALING-NBAR_NBN
set dscp cs3
class WEBUI-NETWORK_CONTROL-NBAR_NBN
set dscp cs6
class WEBUI-NETWORK_MANAGEMENT-NBAR_NBN
set dscp cs2
class WEBUI-TRANSACTIONAL_DATA-NBAR_NBN
set dscp af21
class WEBUI-MULTIMEDIA_STREAMING_NBN
set dscp af31
policy-map WEBUI-QUEUING-OUT-NBN
class WEBUI-VOICE-DSCP
priority percent 5
class WEBUI-BROADCAST_VIDEO-DSCP
priority percent 5
class WEBUI-REALTIME_INTERACTIVE-DSCP
priority percent 5
class WEBUI-MULTIMEDIA_CONFERENCING-DSCP
priority percent 15
class WEBUI-MULTIMEDIA_STREAMING-DSCP
priority percent 15
class WEBUI-NETWORK_CONTROL-DSCP
bandwidth percent 2
class WEBUI-SIGNALING-DSCP
bandwidth percent 2
class WEBUI-NETWORK_MANAGEMENT-DSCP
bandwidth percent 2
class WEBUI-TRANSACTIONAL_DATA-DSCP
bandwidth percent 10
fair-queue
random-detect dscp-based
class WEBUI-BULK-DATA-DSCP
bandwidth percent 4
fair-queue
random-detect dscp-based
class WEBUI-SCAVENGER-DSCP
bandwidth percent 1
class class-default
bandwidth percent 34
fair-queue
random-detect dscp-based
!
!

!
interface GigabitEthernet0/0/0
description IP Transit
bandwidth 200000
ip address 49.XXX.XXX.XXX 255.255.255.252
ip nbar protocol-discovery
ip nat outside
ip access-group TRAFFIC in
ip access-group TRAFFIC out
negotiation auto
service-policy input WEBUI-MARKING-IN-CL
!
interface GigabitEthernet0/0/1
description IX Link
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.1
description IX-Peering Link
bandwidth 100000
encapsulation dot1Q 500
ip address 103.XXX.XXX.XXX 255.255.255.0
ip nat outside
!
interface GigabitEthernet0/0/2
bandwidth 100000
no ip address
ip nbar protocol-discovery
ip access-group TRAFFIC in
ip access-group TRAFFIC out
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
description Customer NNI VIC TAS
mtu 9000
bandwidth 100000
no ip address
ip nbar protocol-discovery
negotiation auto
ipv6 enable
service-policy input WEBUI-MARKING-IN-CL
service-policy output WEBUI-QUEUING-OUT-CL
!
interface GigabitEthernet0/0/3.13110
description POI_3BEN_3110
encapsulation dot1Q 3110 second-dot1q 3501
ip address 100.64.0.1 255.255.255.0
ip nat inside
!

interface GigabitEthernet0/0/4
description Edge.TR.M1 to GW.M1
ip address 103.XXX.XXX.XXX 255.255.255.252
ip nat outside
negotiation auto
no mop enabled
service-policy input WEBUI-MARKING-IN
service-policy output WEBUI-QUEUING-OUT
!
interface GigabitEthernet0/0/5
description IP Transit 2
bandwidth 200000
ip address 110.XXX.XXX.XXX 255.255.255.252
ip nbar protocol-discovery
ip nat outside
ip access-group TRAFFIC in
ip access-group TRAFFIC out
negotiation auto
service-policy input WEBUI-MARKING-IN-CL
service-policy output WEBUI-QUEUING-OUT
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
router ospfv3 1
router-id 1.1.1.1
!
address-family ipv4 unicast
exit-address-family
!
address-family ipv6 unicast
default-information originate always
redistribute bgp 137042
exit-address-family
!
router ospf 1
network 103.XXX.XXX.XXX 0.0.0.31 area 0 (CGN Pool)
default-information originate
!
router bgp 137042
bgp router-id interface GigabitEthernet0/0/1.1
no bgp enforce-first-as
bgp log-neighbor-changes
!
scope global
neighbor 49.XXX.XXX.XXX remote-as XXXX
neighbor 103.XX.XX.XXX remote-as XXXXX
neighbor 103.XX.XX.XXX remote-as XXXX
neighbor 110.XXX.XXX.XXX remote-as XXXX
!
address-family ipv4
network 103.XXX.222.X mask 255.255.255.0
network 103.XXX.223.X mask 255.255.255.0
neighbor 49.XXX.XXX.XX activate
neighbor 49.XXX.XXX.XX filter-list 1 out
neighbor 103.XX.XX.XX activate
neighbor 103.XX.XX.XX filter-list 1 out
neighbor 103.XX.XX.XX activate
neighbor 110.XXX.XXX.XX activate
neighbor 110.XXX.XXX.XX filter-list 1 out
!
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat pool cgnat-pool 103.XXX.XXX.160 103.XXX.XXX.191 netmask 255.255.255.224
ip nat inside source list 2 pool cgnat-pool overload
ip route 103.XXX.222.0 255.255.255.0 Null0
ip route 103.XXX.223.0 255.255.255.0 Null0
!
ip as-path access-list 1 permit ^$
ip as-path access-list 1 permit ^4826$
!
!
ip access-list extended RBW-DenyB
deny ip host 193.XX.XXX.15 any
deny ip host 194.XX.XXX.XXX any
deny ip host 194.XX.XX.XX any
permit ip any any
ip access-list extended TRAFFIC
deny udp any any eq 17
permit ip any any
logging trap warnings
logging host 103.XXX.222.XXX
access-list 2 permit 100.64.0.0 0.0.0.255
access-list 23 permit 103.XXX.222.XXX
ip access-list extended 100
permit udp any any range 16384 32767
permit tcp any any eq 1720

route-map VocusBGP permit 10
match interface GigabitEthernet0/0/0
!
route-map VocusBGP permit 4826
set as-path tag
!
snmp-server community XXXXXXXX RW
snmp-server host 103.XXX.222.XXX XXXXXXXXXXXXXXX
!
!
!
control-plane
!
!
!
!
!
!
line con 0
password 7 047A070A0A335F5A06170027170E0E082F387570616D63
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 23 in
password 7 13241B1E0E1E173E242A2D033027110B1310500E0B0012
login
!
!
!
!
!
!
end

Hi Georg,

 

Apologies for leaving this subject for several months. Further to the running config I posted in October, I realised I did not provide the sh int output for our outgoing interfaces. Please see below:

 

GigabitEthernet0/0/0 is up, line protocol is up
Hardware is BUILT-IN-2T+6X1GE, address is a03d.6e0c.7c82 (bia a03d.6e0c.7c82)
Description: IP Transit 1
Internet address is 49.255.130.82/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 38/255, rxload 135/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is LX
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/1047432/1560116 (size/max/drops/flushes); Total output drops: 4
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 52989000 bits/sec, 5746 packets/sec
5 minute output rate 15285000 bits/sec, 4164 packets/sec
127833435430 packets input, 139799066297835 bytes, 0 no buffer
Received 2 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 164279 multicast, 0 pause input
57273482128 packets output, 21337496248078 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions

 

and

 

GigabitEthernet0/0/5 is up, line protocol is up
Hardware is BUILT-IN-2T+6X1GE, address is a03d.6e0c.7c87 (bia a03d.6e0c.7c87)
Description: Telstra IP Transit
Internet address is 110.145.234.50/30
MTU 1500 bytes, BW 200000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 2/255, rxload 33/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is LX
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:16, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/655/18 (size/max/drops/flushes); Total output drops: 8436
Queueing strategy: Class-based queueing
Output queue: 0/40 (size/max)
5 minute input rate 26197000 bits/sec, 2671 packets/sec
5 minute output rate 2068000 bits/sec, 596 packets/sec
31672344832 packets input, 35724369399060 bytes, 0 no buffer
Received 1562 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
71626595672 packets output, 29513574049409 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions

 

Currently our 'user' services employ public DNS servers.

Appreciate any direction/advice you can provide

This may be too old a post to go back and review (what is connected on the other side?).

You see many drops here:

input queue: 0/375/1047432/1560116 (size/max/drops/flushes); Total output drops: 4

Check some troubleshooting tips:

https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/6343-queue-drops.html

BB
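
Added example (not part of any poster's reply, and not Cisco code): a small Python parser that puts the drop counters quoted above in proportion to the packet counters from the same "show interfaces" output. The function names and the parts-per-million measure are choices made for this example; the counter values are the ones posted in this thread.

```python
import re

# Counter lines copied from the two "show interfaces" outputs posted in this
# thread; the remaining lines of each output are omitted here.
SNAPSHOT = """\
GigabitEthernet0/0/0 is up, line protocol is up
  Last clearing of "show interface" counters never
  Input queue: 0/375/1047432/1560116 (size/max/drops/flushes); Total output drops: 4
  127833435430 packets input, 139799066297835 bytes, 0 no buffer
  57273482128 packets output, 21337496248078 bytes, 0 underruns
GigabitEthernet0/0/5 is up, line protocol is up
  Last clearing of "show interface" counters never
  Input queue: 0/375/655/18 (size/max/drops/flushes); Total output drops: 8436
  31672344832 packets input, 35724369399060 bytes, 0 no buffer
  71626595672 packets output, 29513574049409 bytes, 0 underruns
"""

HEADER = re.compile(r"^(\S+) is .*line protocol is")
QUEUE = re.compile(r"Input queue: \d+/\d+/(\d+)/\d+ \(size/max/drops/flushes\); "
                   r"Total output drops: (\d+)")
PACKETS = re.compile(r"^(\d+) packets (input|output),")
CLEARED = re.compile(r'^Last clearing of "show interface" counters (.+)$')


def parse_counters(text):
    """Return {interface: {counter: value}} from 'show interfaces' text."""
    result, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            cur = result.setdefault(m.group(1), {})
        elif cur is None:
            continue  # ignore anything before the first interface header
        elif m := QUEUE.search(line):
            cur["input_drops"] = int(m.group(1))
            cur["output_drops"] = int(m.group(2))
        elif m := PACKETS.match(line):
            cur[f"packets_{m.group(2)}"] = int(m.group(1))
        elif m := CLEARED.match(line):
            cur["cleared"] = m.group(1)
    return result


def drop_ppm(now, before=None):
    """Drops per million packets, per interface and direction.

    With `before` (an earlier parse_counters() result from the same router)
    the rate covers only the interval between the two captures; without it
    the rate is the average since the counters were last cleared.
    """
    report = {}
    for name, c in now.items():
        base = (before or {}).get(name, {})
        row = {}
        for d in ("input", "output"):
            drops = c.get(f"{d}_drops", 0) - base.get(f"{d}_drops", 0)
            pkts = c.get(f"packets_{d}", 0) - base.get(f"packets_{d}", 0)
            # No traffic, or a negative delta (counters cleared or wrapped
            # between captures), gives no meaningful rate.
            row[d] = None if pkts <= 0 or drops < 0 else drops / pkts * 1e6
        report[name] = row
    return report


if __name__ == "__main__":
    for name, row in drop_ppm(parse_counters(SNAPSHOT)).items():
        print(name, row)
```

Both outputs show "Last clearing of "show interface" counters never", so a single capture only gives a lifetime average; passing an earlier capture as `before` shows whether drops are still accumulating during a slow-loading test.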

Hello

Where are the web/DNS servers you are trying to use/access located? Are they internal or external to those NAT domains?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Thanks for your question. This project has been on the backburner for quite a while. Currently using external/public DNS.

Thanks

divadko
Level 1

Hello, have you found the solution? I have the same problems too. The only help is clear ip nat translation *

Hi,

That is certainly not something you want to be doing all the time. No solution as yet, although I have made some changes to our network recently and plan to test the CGNAT again soon. BTW, I answered Paul's post above - we are using external public DNS.

Cheers
