We have been facing a performance issue on a new setup with NAT and OSPF.
Basically, the two routers in the middle are NATing the private customer subnet with 2 pools of public IPs (one on each router). The outbound traffic is load-balanced between the two routers by OSPF.
For the inbound traffic, we have configured two static routes on the router at the top pointing to each pool.
OSPF adjacency is established between the 3 routers at the bottom and the two routers in the middle, and also between the router on the top and the two routers in the middle.
The design works more or less: there are NAT translations and OSPF is established, but customers complain about poor performance and some of them cannot connect. When we disconnect one of the 2 routers in the middle, the problem disappears.
We have not done any special OSPF configuration and I am suspecting this could be the problem.
If I understand correctly from your topology, the top router and the two routers in the middle use public IPs with a /29 mask.
The 2 routers in the middle and the outside interfaces on the customer routers use public IPs with a /29 mask.
If that's true, my question is: why are you using NAT on the middle routers? I think NAT should be configured on the 3 customer routers, using the public IP configured on their outside interface. As you have only 6 host IP addresses with a /29 mask, five of which you need for router interfaces, they will have to configure PAT on the outside interface.
Because each customer is a subinterface on these routers and there are more than 500 of them. Moreover, that would imply modifying the provisioning script as well. So it was easier to set up the NAT on the routers in the middle.