NAT Slow connection.


tester125

MIS
Sep 24, 2003
85
US
Hi All,

I have a T1 between two buildings, with a Cisco 2620 router on one end. All was working fine until I created a NAT pool. Now I'm seeing slow connections between the two buildings. Unfortunately I need to have the NAT pool. Does anyone have any thoughts on any additional service that needs to be turned off or on to speed up the traffic?

Thanks
 
- show ip nat stat
- show ip nat trans
- show proc cpu
- show proc mem

Check your NAT entries. There could possibly be one or two computers with a virus that are beating up your NAT tables. The more NAT entries there are, the more resources it takes for the router to process the information. By the time you get to around 20,000 entries (it can happen), your router should be taking a performance hit. If that is the case, then upgrade to the latest IOS version available and implement some new access lists....
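
The check suggested in the reply above (finding the one or two hosts that fill the NAT table) can be run offline against saved `show ip nat trans` output. This is an added example, not part of the original thread: the sample table is constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `show ip nat translations`; addresses are invented.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.0.2        10.5.90.2          ---                ---
tcp 192.168.0.5:1031   10.5.90.23:1031    4.4.4.4:445        4.4.4.4:445
tcp 192.168.0.5:1032   10.5.90.23:1032    4.4.4.5:445        4.4.4.5:445
tcp 192.168.0.5:1033   10.5.90.23:1033    4.4.4.6:445        4.4.4.6:445
tcp 192.168.0.5:1034   10.5.90.23:1034    4.4.4.7:445        4.4.4.7:445
tcp 192.168.0.6:2210   10.5.90.40:2210    4.4.4.4:80         4.4.4.4:80
udp 192.168.0.7:53     10.5.90.41:53      4.4.4.4:53         4.4.4.4:53
"""

# Matches dynamic rows only; captures protocol, inside local, outside local.
ROW = re.compile(r"^(tcp|udp|icmp)\s+\S+\s+(\S+)\s+(\S+)\s+\S+$")

def split_endpoint(ep):
    """'10.5.90.23:1031' -> ('10.5.90.23', '1031'); port is '' when absent."""
    ip, _, port = ep.partition(":")
    return ip, port

def per_host(text):
    """Map inside-local IP -> entry count, outside IPs and (proto, port) pairs."""
    stats = defaultdict(lambda: {"entries": 0, "dests": set(), "ports": set()})
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:  # header, static '---' rows, blank lines
            continue
        proto, inside_local, outside_local = m.groups()
        src = split_endpoint(inside_local)[0]
        dst, dport = split_endpoint(outside_local)
        s = stats[src]
        s["entries"] += 1
        s["dests"].add(dst)
        s["ports"].add((proto, dport))
    return dict(stats)

def suspects(text, min_entries=4, min_dests=4):
    """Hosts holding many translations fanned out to many destinations on one port."""
    hits = [(ip, s["entries"], len(s["dests"]))
            for ip, s in per_host(text).items()
            if s["entries"] >= min_entries and len(s["dests"]) >= min_dests
            and len(s["ports"]) == 1]
    return sorted(hits, key=lambda r: -r[1])

if __name__ == "__main__":
    for ip, n, d in suspects(SAMPLE):
        print(f"{ip}: {n} translations to {d} destinations")
```

The thresholds are set low to suit the small sample; on a table with tens of thousands of entries they would be raised accordingly.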
 
Do you need dynamic NAT between the two sites? If not, you could just use a static NAT entry to simplify things. Also do some ping tests during congestion and some trace routes. You could have a routing issue that is dropping packets. Can you post your configuration?
 
Thanks for the input guys,
Here's what I'm trying to accomplish in more detail.
Any host that tries to access any resource except for 4.4.4.4 goes out the Fast0/0 interface as its host address. Any packet that tries to access 4.4.4.4 gets natted to 192.x.x.x and goes out the fast0/1 interface. It works okay, except that it's very congested. My IOS version is 12.2; at this moment in time I'm taking 66,000 hits. Ping works fine. I did a tracert and all hops are completed, except that instead of seeing 10ms on the hops, I'm seeing 500ms and more.
Any more thoughts?
I'm relatively new to Cisco, so any help would greatly be appreciated.

Thanks again guys.

EGNCIS20.2#show config
Using 913 out of 29688 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname EGNCIS20.2
!
boot system flash c2600-i-mz.122-8.T10.bin
enable secret 5 $1$.F0l$ViEPBxrkT6tzhsKdLtLh4.
enable password numnut
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.5.90.2 255.255.0.0
no ip mroute-cache
speed auto
half-duplex
!
interface Serial0/0
mtu 1524
bandwidth 1536
ip address 10.1.11.1 255.255.255.0
encapsulation ppp
delay 10
!
interface FastEthernet0/1
no ip address
no ip mroute-cache
shutdown
duplex auto
speed auto
!
ip classless
ip route profile
ip route 10.2.11.0 255.255.255.0 Serial0/0
ip route 10.2.11.2 255.255.255.255 Serial0/0
ip route 10.25.0.0 255.255.0.0 FastEthernet0/0
ip route 192.168.0.0 255.255.255.0 10.2.11.2
ip http server
ip pim bidir-enable
!
!
!
line con 0
line aux 0
line vty 0 4
password xxxxxxx
login
!
!
end
 
What's the deal with the ethernet interface fa 0/0 being set to speed auto half-duplex? Unless it is necessary, I would set both to auto auto. Do a

sho interface fa 0/0 and check for CRC and frame errors on the input and output side. This can cause slow traffic problems during congestion.

Also, what is the significance of 4.4.4.4? Is this a public host or a private host?

Also, who is handling NAT statements? I don't see any statements for NAT in this configuration. Are you doing this on another device?

Finally, are the ping and traceroutes both seeing 500ms? Are they just to certain addresses or all addresses? Are there Cisco routers on each end or just one side?

 
Hey thanks for the input guys,

Sorry I did not get back to you sooner. I am still experiencing the same problem. I changed the two ethernet interfaces to full duplex mode.
I am seeing a few frame errors and CRC errors; at this point I see 2 on each.
The 4.4.4.4 address is just a made up address; it's actually an address at a host via a VPN tunnel.
Interface 0/1 is handling the NAT statement. The NAT translations work fine and go out the correct interface.
The tracert is seeing 500ms; I believe it's only showing for the natted address.
Do you believe 1 to 1 NAT would ease the congestion?

Any thoughts would help. Thanks again guys.
 
Regarding the ethernet interfaces: what are they connecting to? What are its duplex settings? Both sides should be the same. I.e., if Ethernet 0/0 on the router/switch is connecting to ethernet port 1 on another switch, then both ports should be set to the same duplex setting manually or both set to auto on speed and duplex.

Is this a chopped up configuration? I am still not seeing the NAT statements in the configuration. Interface ether 0/1 is in a shutdown state. Is this correct?

Also, can you do a show interface on the serial interface 0/0 and a

show proc cpu | exclude 0.00

from enable mode? Try and do this during the period you are seeing this latency. We are looking for high CPU.

I still think this looks like a duplex problem or a cable problem. CRC errors normally indicate collisions of some sort, and collisions should not be occurring in a fast ethernet environment where speeds are 100 full.

 
Hey, thanks for the input. Currently there's congestion; here's my CPU:

cisco20.2#show proc cpu | exclude 0.00
CPU utilization for five seconds: 97%/58%; one minute: 55%; five minutes: 55%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
2 848 191 4439 0.07% 0.17% 0.06% 66 Virtual Exec
18 3667728 5640130 650 0.30% 0.41% 0.39% 0 TTY Background
29 26011124 10158290 2560 38.56% 10.54% 7.87% 0 IP Input
57 1306768 174443553 7 0.07% 0.03% 0.02% 0 PPP Events

Here's the serial interface info:

Serial0/0 is up, line protocol is up
Hardware is PQUICC with Fractional T1 CSU/DSU
Internet address is 10.1.1.1/24
MTU 1524 bytes, BW 1536 Kbit, DLY 100 usec,
reliability 255/255, txload 15/255, rxload 21/255
Encapsulation PPP, loopback not set
LCP Open
Listen: CDPCP
Open: IPCP
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 9w3d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 37326
Queueing strategy: weighted fair
Output queue: 10/1000/64/37314 (size/max total/threshold/drops)
Conversations 4/26/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1152 kilobits/sec
5 minute input rate 129000 bits/sec, 31 packets/sec
5 minute output rate 94000 bits/sec, 25 packets/sec
43134663 packets input, 3912108083 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 6 giants, 0 throttles
2924 input errors, 1066 CRC, 1453 frame, 0 overrun, 0 ignored, 405 abort
48226929 packets output, 756390611 bytes, 0 underruns
0 output errors, 0 collisions, 89 interface resets
0 output buffer failures, 0 output buffers swapped out
19 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

Thanks again guys


 
It's almost like the other end has a slower connection, according to the congestion and the output drops. Packets are being queued but not sent quickly. Have you put a packet sniffer on this to see what is generating all the traffic?


When you remove the NAT pool, do you get lower CPU results?
 
Hi,

When I removed the NAT pool there's no congestion and all is well. Unfortunately I do need to NAT. Right now I have a dynamic NAT pool set up.

No, I did not put a packet sniffer on as yet.

Thanks for the input.
 
What version of 12.2 are you running? I will check Cisco's site for bugs.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 
Can you post the configuration for the router on the other side of the connection?

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 
Also need to see the configuration with the NAT enabled.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 