NAT, BGP, dirty traceroutes only to certain websites.

Unanswered Question
Apr 2nd, 2009

Hey all,

Basically, I have 2 ds3s. rtr1 on ds31, and rtr2 on ds32. I have BGP on both, same ISP, same AN with my ARIN block. I have half my block advertised on rtr1, the other half on rtr2. I have rtr3 hanging off rtr2, which handles a large PAT network. I route a small subnet of live IPs from rtr2 into rtr3, for a NAT pool...

The rtr2->rtr3 connection is a live ip /30.

I'm seeing this anomaly where, on the PAT inside network from rtr3, some random website will not load. I'll traceroute from the end machine and get a VERY dirty traceroute. I'll then traceroute from the inside interface of router 3 and get a clean trace. After I do this, the end user then gets a clear trace and can get to the site. Seems like the trace I'm doing from the router interface clears it up... Anyone have this experience?

Hope it makes sense... I'll be happy to provide any more info.

Giuseppe Larosa Fri, 04/03/2009 - 08:04

Hello Wayne,

How many concurrent PAT translations are on R3 when you see this kind of problem?

Is CEF enabled on R3?

The action of the traceroute looks like it refreshes or changes some wrong CEF table entry.

What type of router is R3?

What is the IOS image name?

Even if, in theory, 65,535 PAT translations are possible, there is a practical limit that is lower (10,000 can be a good number).

Each PAT entry uses memory and can affect CEF tables (if enabled).

Hope to help


wwbishop2 Fri, 04/03/2009 - 08:17

As far as the total number of translations, it's hard to tell, though I can tell you it was between 800-1000 users.

Yes, ip cef is enabled.

Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(8b), RELEASE SOFTWARE (fc2)

Cisco 7204VXR (NPE-G1) processor (revision B) with 983040K/65536K bytes of memory.

Processor board ID 26787189

SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache

4 slot VXR midplane, Version 2.6

Funny you mention CEF... the CEF process was shooting the CPU util up to a constant 30%, which, in my experience, is very high for this router... I've loaded these routers up a lot more, with minimal CPU use.

I'm using a pool of 10 live IPs for NAT overloading.

Do I need to disable CEF? Would that affect random timeouts and such?
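The replies above hinge on a number nobody in the thread has yet: how many PAT translations each of the 10 pool addresses is actually holding, per protocol, when the dirty traces appear. As an added example (not from this thread, and not Cisco's code), the Python below parses saved `show ip nat translations` output, counts dynamic translations per inside global address and per protocol, and reports usage of the pool against a practical ceiling. The sample output, the pool addresses (`203.0.113.5`-`203.0.113.14`) and the `PRACTICAL_LIMIT` value are constructed assumptions standing in for the poster's real data.

```python
import re
from collections import Counter

# Constructed sample of `show ip nat translations` output (illustrative only,
# not captured from the thread's routers). Addresses are RFC 5737 ranges.
SAMPLE_OUTPUT = """\
Pro Inside global         Inside local          Outside local         Outside global
tcp 203.0.113.5:1024      10.1.1.10:49152       198.51.100.7:80       198.51.100.7:80
tcp 203.0.113.5:1025      10.1.1.11:49153       198.51.100.7:443      198.51.100.7:443
udp 203.0.113.5:1026      10.1.1.12:53001       198.51.100.53:53      198.51.100.53:53
tcp 203.0.113.6:1024      10.1.2.10:49152       192.0.2.10:80         192.0.2.10:80
icmp 203.0.113.6:5        10.1.2.11:5           192.0.2.10:5          192.0.2.10:5
--- 203.0.113.7           10.1.3.10             ---                   ---
"""

# Assumed 10-address overload pool (hypothetical addresses, not the poster's block).
ASSUMED_POOL = [f"203.0.113.{i}" for i in range(5, 15)]

# Practical per-address ceiling suggested in the reply above (an assumption, not
# a platform limit); the 65,535 figure is the theoretical port space per protocol.
PRACTICAL_LIMIT = 10_000

# One translation row: exactly five whitespace-separated fields.
ROW_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<ig>\S+)\s+(?P<il>\S+)\s+(?P<ol>\S+)\s+(?P<og>\S+)\s*$"
)


def split_endpoint(field):
    """'203.0.113.5:1024' -> ('203.0.113.5', 1024); '---' or a bare address -> (field, None)."""
    if ":" in field:
        addr, port = field.rsplit(":", 1)
        return addr, int(port)
    return field, None


def parse_translations(text):
    """Turn show-ip-nat-translations rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if line.startswith("Pro ") or not m:
            continue
        ig_addr, ig_port = split_endpoint(m["ig"])
        il_addr, il_port = split_endpoint(m["il"])
        rows.append({
            "proto": m["proto"],
            # '---' in the protocol column marks a static/no-port mapping, not a PAT entry
            "dynamic": m["proto"] != "---",
            "inside_global": ig_addr, "inside_global_port": ig_port,
            "inside_local": il_addr, "inside_local_port": il_port,
            "outside_global": split_endpoint(m["og"])[0],
        })
    return rows


def total_dynamic(rows):
    """Number of dynamic (PAT) translations in the capture."""
    return sum(1 for r in rows if r["dynamic"])


def count_per_global(rows):
    """Dynamic translations held by each inside global address."""
    return Counter(r["inside_global"] for r in rows if r["dynamic"])


def count_per_global_proto(rows):
    """Same count broken down by protocol, since PAT port space is per protocol."""
    return Counter((r["inside_global"], r["proto"]) for r in rows if r["dynamic"])


def pool_report(rows, pool=ASSUMED_POOL, limit=PRACTICAL_LIMIT):
    """Per pool address: (address, translation count, over_limit). Idle addresses show 0."""
    counts = count_per_global(rows)
    return [(addr, counts.get(addr, 0), counts.get(addr, 0) > limit) for addr in pool]


if __name__ == "__main__":
    rows = parse_translations(SAMPLE_OUTPUT)
    print(f"dynamic translations: {total_dynamic(rows)}")
    for (addr, proto), n in sorted(count_per_global_proto(rows).items()):
        print(f"{addr:15} {proto:5} {n}")
    # limit=2 is only to make the tiny sample trip the check
    for addr, n, over in pool_report(rows, limit=2):
        print(f"{addr:15} {n:6} {'OVER LIMIT' if over else ''}")
```

On the router itself, `show ip nat statistics` gives the total active translation count directly; the script is for a saved capture, where the per-address and per-protocol breakdown (which a single total hides) shows whether one pool address is carrying far more than its share at the moment the problem occurs.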

