From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Mon May 01 2006 - 18:01:52 ART
I see, I misread your initial post; I took the reference to intermittent to
mean that, in the absence of a /32 route, pings were not getting through.
In that case then there are probably other routing issues causing your
problem.
Chris
On 5/1/06, ccie@lockdown.nu <ccie@lockdown.nu> wrote:
>
> If the issue was to do with the order of operation, why would it be an
> intermittent problem? Surely it would either work or not.
>
> Some packets get through, others do not. As I said, if the route is to a
> destination, then all packets are translated - however if the route is to
> an interface, then some get translated, and others do not.
>
> Regards,
> Steve.
>
> > I think your issue stems from the order of operation necessary between
> > routing and NAT.
> >
> >
> > Translations from inside to outside must route first, then translate to
> > get the packet to the right interface. Translations from outside to inside
> > must NAT first then route to get to the right interface. Note that if you are
> > translating from outside to inside, the add-route option is necessary to
> > put a /32 in to correct the routing (or manual insertion of a /32 route).
> >
> >
> >
> > Some debugs of ip nat and ip packet should illustrate this.
> >
> >
> >
> > Chris
> >
> >
> >
> > On 5/1/06, Stephen Vallois-Davies <cisco@lockdown.nu> wrote:
> >>
> >> Hi All,
> >>
> >> I was setting up some NAT, and came across an odd intermittent traffic
> >> throughput problem.
> >>
> >> The setup is as follows:
> >>
> >>
> >>
> >> PC2 ------------- R5 ------------------ PC1
> >>              F0/0    f0/1.999 vlan 999
> >>
> >> PC2 = 1.10.10.4
> >> pc1 = 128.1.5.1
> >>
> >> With R5 having the following config:
> >>
> >> interface FastEthernet0/0
> >>  ip address 1.10.11.249 255.255.254.0
> >>  ip nat inside
> >> !
> >> interface FastEthernet0/1.999
> >>  encapsulation dot1Q 999
> >>  ip address 128.1.5.5 255.255.255.0
> >>  ip nat outside
> >> !
> >> ip route 1.10.13.250 255.255.255.255 128.1.5.1
> >> ip route 128.1.6.0 255.255.255.0 FastEthernet0/0
> >> !
> >> ip nat inside source static 1.10.10.4 128.1.6.254
> >> ip nat outside source static 128.1.5.1 1.10.13.250
> >> !
> >>
> >> If the route for the outside global addresses is a host
> >> route to PC2, then traffic will flow between PC1 and PC2
> >>
> >> However if the route is as follows:
> >>
> >> ip route 1.10.13.250 255.255.255.255 f0/1.999
> >>
> >> then the packet throughput is intermittent. With a ping from
> >> PC1 to PC2, PC2 will always send the echo request to PC1 as follows:
> >>
> >> 1.10.10.4 -> 1.10.13.250
> >>
> >> but then R5 has a problem forwarding/translating the packet.
> >>
> >> Arp entries, nat entries all look good. Any ideas?
> >>
> >> For the outside->inside translation I can use a host as destination for
> >> route, or interface, and translation is unaffected.
> >>
> >> It only seems to be a problem for the 'ip nat outside' configurations.
> >>
> >> Cheers, Steve.
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART
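
The order of operation described in the thread (inside to outside: route, then translate; outside to inside: translate, then route), as an added example that is not part of the original messages. It is a simplified Python model of R5 that assumes only the routes and static NAT entries shown in the posted config; the function and variable names are hypothetical, and it does not attempt to reproduce the intermittent behaviour reported.

```python
import ipaddress

# Constructed model of R5 from the thread: routes and static NAT entries.
CONNECTED = [("1.10.10.0/23", "Fa0/0"), ("128.1.5.0/24", "Fa0/1.999")]
STATIC = [("128.1.6.0/24", "Fa0/0")]
HOST_ROUTE = [("1.10.13.250/32", "Fa0/1.999")]   # the /32 under discussion
NAT_IFACE = {"Fa0/0": "inside", "Fa0/1.999": "outside"}
INSIDE_SRC = {"1.10.10.4": "128.1.6.254"}    # inside local -> inside global
OUTSIDE_SRC = {"128.1.5.1": "1.10.13.250"}   # outside global -> outside local


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, iface)
    return best[1] if best else None


def forward(in_iface, src, dst, with_host_route=True):
    """Return (egress, src, dst) as the packet leaves R5, or None if dropped."""
    routes = CONNECTED + STATIC + (HOST_ROUTE if with_host_route else [])
    if NAT_IFACE[in_iface] == "inside":
        # Inside -> outside: route on the untranslated destination first.
        egress = lookup(routes, dst)
        if egress is None:
            return None
        if NAT_IFACE[egress] == "outside":
            src = INSIDE_SRC.get(src, src)
            local_to_global = {v: k for k, v in OUTSIDE_SRC.items()}
            dst = local_to_global.get(dst, dst)
        return egress, src, dst
    # Outside -> inside: translate first, then route on the translated dst.
    global_to_local = {v: k for k, v in INSIDE_SRC.items()}
    dst = global_to_local.get(dst, dst)
    src = OUTSIDE_SRC.get(src, src)
    egress = lookup(routes, dst)
    return (egress, src, dst) if egress else None
```

In this model the packet 1.10.10.4 -> 1.10.13.250 arriving on Fa0/0 is dropped when the /32 is absent, because the routing lookup runs on the outside local address before any translation takes place.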