[ jogurt @ 10.08.2006. 12:39 ] @
Please help! At a rural site I have a local network connected to the Internet through a Telekom FR link at 128kbps (CIR 64kbps). The Cisco 1841 router is connected to Telekom's FR modem through a WIC-1T card.

Code:

    [ LAN ] ------ [ firewall ] ----- [ cisco1841 ] ---- [ FR modem ] ---------- ( Internet )
                        |
                        |
                        |
                 [ DMZ server ]

Although everything looks OK as far as the FR link is concerned (see below), something is wrong with the connection at the TCP layer - most of the time it is almost unusable!

Code:

    Router1841>sh frame-relay pvc

    PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

                  Active     Inactive      Deleted       Static
      Local          1            0            0            0
      Switched       0            0            0            0
      Unused         0            0            0            0

    DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

      input pkts 226254        output pkts 155531       in bytes 57318479
      out bytes 84563419       dropped pkts 0           in pkts dropped 0
      out pkts dropped 0       out bytes dropped 0
      in FECN pkts 6280        in BECN pkts 0           out FECN pkts 0
      out BECN pkts 0          in DE pkts 0             out DE pkts 0
      out bcast pkts 0         out bcast bytes 0
      5 minute input rate 1000 bits/sec, 2 packets/sec
      5 minute output rate 0 bits/sec, 1 packets/sec
      pvc create time 4d19h, last time pvc status changed 4d19h

    Router1841>sh frame-relay lmi

    LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = ANSI
      Invalid Unnumbered info 0             Invalid Prot Disc 0
      Invalid dummy Call Ref 0              Invalid Msg Type 0
      Invalid Status Message 0              Invalid Lock Shift 0
      Invalid Information ID 0              Invalid Report IE Len 0
      Invalid Report Request 0              Invalid Keep IE Len 0
      Num Status Enq. Sent 41553            Num Status msgs Rcvd 41552
      Num Update Status Rcvd 0              Num Status Timeouts 1
      Last Full Status Req 00:00:19         Last Full Status Rcvd 00:00:19

When I try to load a web page from the DMZ server, the site loads very slowly (slower than even the worst dial-up), images barely load, and when they do load, it is only halfway, and so on. Something similar happens on the mail server too. The logs often show a message like "SMTP connection established but connection died."
When I turn on a sniffer (Ethereal), I see a pile of TCP retransmissions and lost packets. Here is an excerpt from a Telnet conversation directly with the router...

Code:

    Frame 386 (55 bytes on wire, 55 bytes captured)
    Ethernet II, Src: 00:14:85:c7:24:e5 (00:14:85:c7:24:e5), Dst: 00:30:6e:11:27:f1 (00:30:6e:11:27:f1)
    Internet Protocol, Src: 192.168.ppp.qqq (192.168.ppp.qqq), Dst: 212.200.xxx.xxx (212.200.xxx.xxx)
    Transmission Control Protocol, Src Port: 4381 (4381), Dst Port: 23 (23), Seq: 2, Ack: 1, Len: 1
    Telnet

    No.     Time        Source                Destination           Protocol Info
        410 30.295504   192.168.ppp.qqq       212.200.xxx.xxx       TELNET   [TCP Retransmission] Telnet Data ...

    Frame 410 (69 bytes on wire, 69 bytes captured)
    Ethernet II, Src: 00:14:85:c7:24:e5 (00:14:85:c7:24:e5), Dst: 00:30:6e:11:27:f1 (00:30:6e:11:27:f1)
    Internet Protocol, Src: 192.168.ppp.qqq (192.168.ppp.qqq), Dst: 212.200.xxx.xxx (212.200.xxx.xxx)
    Transmission Control Protocol, Src Port: 4381 (4381), Dst Port: 23 (23), Seq: 2, Ack: 1, Len: 15
    Telnet

    No.     Time        Source                Destination           Protocol Info
        411 30.363398   212.200.xxx.xxx       192.168.ppp.qqq       TELNET   [TCP Previous segment lost] Telnet Data ...

    Frame 411 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:30:6e:11:27:f1 (00:30:6e:11:27:f1), Dst: 00:14:85:c7:24:e5 (00:14:85:c7:24:e5)
    Internet Protocol, Src: 212.200.xxx.xxx (212.200.xxx.xxx), Dst: 192.168.ppp.qqq (192.168.ppp.qqq)
    Transmission Control Protocol, Src Port: 23 (23), Dst Port: 4381 (4381), Seq: 320, Ack: 17, Len: 1
    Telnet

    No.     Time        Source                Destination           Protocol Info
        412 30.363440   192.168.ppp.qqq       212.200.xxx.xxx       TCP      [TCP Dup ACK 410#1] 4381 > 23 [ACK] Seq=17 Ack=1 Win=64856 Len=0

    Frame 412 (54 bytes on wire, 54 bytes captured)
    Ethernet II, Src: 00:14:85:c7:24:e5 (00:14:85:c7:24:e5), Dst: 00:30:6e:11:27:f1 (00:30:6e:11:27:f1)
    Internet Protocol, Src: 192.168.ppp.qqq (192.168.ppp.qqq), Dst: 212.200.xxx.xxx (212.200.xxx.xxx)
    Transmission Control Protocol, Src Port: 4381 (4381), Dst Port: 23 (23), Seq: 17, Ack: 1, Len: 0

    No.     Time        Source                Destination           Protocol Info
        413 30.366411   212.200.xxx.xxx       192.168.ppp.qqq       TELNET   [TCP Previous segment lost] Telnet Data ...

    Frame 413 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:30:6e:11:27:f1 (00:30:6e:11:27:f1), Dst: 00:14:85:c7:24:e5 (00:14:85:c7:24:e5)
    Internet Protocol, Src: 212.200.xxx.xxx (212.200.xxx.xxx), Dst: 192.168.ppp.qqq (192.168.ppp.qqq)
    Transmission Control Protocol, Src Port: 23 (23), Dst Port: 4381 (4381), Seq: 322, Ack: 17, Len: 1
    Telnet

I have swapped the cables and the WIC card and changed slots, but I have not managed to fix anything :-( Does anyone have an idea where the problem could be!?

Below I give part of the configuration, followed by the state of the interfaces.

Code:

    ...
    !
    interface FastEthernet0/1
     description unutrasnji LAN interfejs ka Firewall-u
     ip address 192.168.1.2 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip route-cache flow
     duplex full
     speed 100
     no mop enabled
    !
    interface Serial0/0/0
     description WAN-Link-over-Frame-Relay
     bandwidth 128000
     ip address 212.200.xxx.xxx 255.255.255.252
     ip access-group Traffic-from-Internet in
     ip verify unicast reverse-path
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     ip flow egress
     ip nat outside
     encapsulation frame-relay IETF
     ip route-cache flow
     fair-queue
     frame-relay map ip 212.200.xxx.yyy 100
     frame-relay lmi-type ansi
     frame-relay local-dlci 100
     frame-relay qos-autosense
     frame-relay congestion-management
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    ip route 0.0.0.0 0.0.0.0 212.200.xxx.yyy
    ip route 10.0.0.0 255.255.255.0 192.168.1.1
    ip route 192.168.0.0 255.255.255.0 192.168.1.1
    ip flow-top-talkers
     top 20
     sort-by bytes
    !
    ip nat inside source list NAT interface Serial0/0/0 overload
    ip nat inside source static tcp 192.168.0.2 22 212.200.xxx.xxx 22 extendable
    ip nat inside source static tcp 192.168.0.2 25 212.200.xxx.xxx 25 extendable
    ip nat inside source static tcp 192.168.0.2 80 212.200.xxx.xxx 80 extendable
    ip nat inside source static tcp 192.168.0.2 443 212.200.xxx.xxx 443 extendable
    ip nat inside source static tcp 192.168.0.1 443 212.200.xxx.xxx 8000 extendable
    ip nat inside source static tcp 192.168.0.1 22 212.200.xxx.xxx 55555 extendable
    !
    ip access-list extended NAT
     permit ip host 192.168.0.1 any
     permit ip host 192.168.0.2 any
    ip access-list extended Traffic-from-Internet
     permit tcp host 212.200.zzz.zzz host 212.200.xxx.xxx eq telnet
     deny tcp any host 212.200.xxx.xxx eq telnet
     permit tcp any host 212.200.xxx.xxx eq 22
     permit tcp any host 212.200.xxx.xxx eq smtp
     permit tcp any host 212.200.xxx.xxx eq www
     permit tcp any host 212.200.xxx.xxx eq 443
     permit tcp any host 212.200.xxx.xxx eq 8000
     permit tcp any host 212.200.xxx.xxx eq 55555
     permit tcp any host 212.200.xxx.xxx established
     permit udp any host 212.200.xxx.xxx
     permit icmp any host 212.200.xxx.xxx
     deny ip any any log
    !
    logging trap notifications
    logging origin-id hostname
    logging facility syslog
    logging 192.168.0.2
    snmp-server community xxxxxxxx RO
    snmp-server location xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    snmp-server contact xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    snmp-server chassis-id xxxxxxxxxx
    snmp-server host 192.168.0.2 xxxxxxxxxxx
    no cdp run
    !
    ...

Code:

    Router1841>sh int serial 0/0/0
    Serial0/0/0 is up, line protocol is up
      Hardware is GT96K Serial
      Description: WAN-Link-over-Frame-Relay
      Internet address is 212.200.xxx.xxx/30
      MTU 1500 bytes, BW 128000 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation FRAME-RELAY IETF, loopback not set
      Keepalive set (10 sec)
      LMI enq sent 41501, LMI stat recvd 41500, LMI upd recvd 0, DTE LMI up
      LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
      LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
      Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 4d19h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations 0/3/256 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
         Available Bandwidth 96000 kilobits/sec
      5 minute input rate 0 bits/sec, 1 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         267533 packets input, 57905779 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
         198237 packets output, 85226119 bytes, 0 underruns
         0 output errors, 0 collisions, 1 interface resets
         0 output buffer failures, 0 output buffers swapped out
         3 carrier transitions
         DCD=up DSR=up DTR=up RTS=up CTS=up

    Router1841>sh int fa 0/1
    FastEthernet0/1 is up, line protocol is up
      Hardware is Gt96k FE, address is 0017.95c0.9763 (bia 0017.95c0.9763)
      Description: unutrasnji LAN interfejs ka Firewall-u
      Internet address is 192.168.1.2/24
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:11, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 1000 bits/sec, 2 packets/sec
      5 minute output rate 0 bits/sec, 1 packets/sec
         578711 packets input, 156479358 bytes
         Received 119 broadcasts, 0 runts, 0 giants, 0 throttles
         55 input errors, 55 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         823792 packets output, 93627005 bytes, 0 underruns
         0 output errors, 0 collisions, 5 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out

Thanks in advance!
Zoran