NAT + HSRP or GLBP + FTP inside Servers

RaulMorales · ‎04-10-2008

Hello Guys I need a Litle help, I have 3 days testing this and I Isolate a Problem which I dont understand.

I ahve setup 2 Routers C2600 with IOS 12.4(8) also try 12.4(17) both with same problem!.

Using SNAT FTP go slow as hell!

Config is very simple:

ROUTER A

interface FastEthernet0/0

ip address x.x.x.3 255.255.255.0

ip nat inside

duplex auto

speed auto

glbp 10 ip x.x.x.1

!

interface FastEthernet0/1

bandwidth 4000

ip address xx.xx.xx.xx 255.255.255.224

ip nat outside

duplex auto

speed auto

!

router eigrp 100

redistribute static

passive-interface FastEthernet0/1

network 192.168.9.0

auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.129 !default gateway on isp

!

ip http server

ip http authentication local

ip nat stateful id 1

primary xx.xx.xx.3

peer xx.xx.xx.2

mapping id 10

!

ip nat pool ISP xx.xx.xx.130 xx.xx.xx.130 netmask 255.255.255.224

ip nat inside source list 110 pool ISP overload mapping-ID 10

ip nat inside source static tcp xx.xx.x.240 21 xx.xx.xx.140 21 mapping-id 10

!

access-list 110 deny ip 192.168.9.0 0.0.0.255 10.132.0.0 0.0.255.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 10.136.0.0 0.0.255.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 192.168.100.0 0.0.0.255

access-list 110 permit ip 192.168.9.0 0.0.0.255 any

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

end

ROUTER B

interface FastEthernet0/0

ip address x.x.x.2 255.255.255.0

ip nat inside

duplex auto

speed auto

glbp 10 ip x.x.x.1

!

interface FastEthernet0/1

bandwidth 4000

ip address xx.xx.xx.xx 255.255.255.224

ip nat outside

duplex auto

speed auto

!

router eigrp 100

redistribute static

passive-interface FastEthernet0/1

network 192.168.9.0

auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.129 !default gateway on isp

!

ip http server

ip http authentication local

ip nat stateful id 1

BACKUP xx.xx.xx.2

peer xx.xx.xx.3

mapping id 10

!

ip nat pool ISP xx.xx.xx.130 xx.xx.xx.130 netmask 255.255.255.224

ip nat inside source list 110 pool ISP overload mapping-ID 10

ip nat inside source static tcp xx.xx.x.240 21 xx.xx.xx.140 21 mapping-id 10

!

access-list 110 deny ip 192.168.9.0 0.0.0.255 10.132.0.0 0.0.255.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 10.136.0.0 0.0.255.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 110 deny ip 192.168.9.0 0.0.0.255 192.168.100.0 0.0.0.255

access-list 110 permit ip 192.168.9.0 0.0.0.255 any

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

end

If I disable Snat the FTP go very fast

when i enable it it go slow.. I have debug cached missed none, drops, none

looks like everythign have to do with snat on or off.. I needed ON to share nat tables and use aymetric traffict in ALG

PLEASY ANY HELP!? WHY SNAT MAKE MY FTP SLOW? the rest of trafic is fine with snat ON, email, remote desktop, pop3, web, 443, etc wherever I config for internal server work fine excep for FTP.

Also looks like TFTP got affected too.

I downgrade the routers to 12.3-5a and worked.. but i need some new commands from 12.4.

Many thanks

Raul

RaulMorales · ‎04-10-2008

Ok nevermind I found the Solution, on IOS 12.4 I disable asymmetric Queuing using the command as queueing disable

So I am using GLBP for routing, and HSRP sor SNAT(because SNAT on HSRP mode allow you to disabe asymmetric Queuing) and now FTP is working fast.

Regards

Raul