[lug] Cisco 678 and NAT

Nate Duehr nate at natetech.com
Tue Jan 3 11:37:39 MST 2006


Ben wrote:
> Probably as karmically induced punishment for cursing the name of Qwest, my
> work has very unreliable DSL from Qwest. Every now and then it is 1.5mps
> (as spec'd), but it drops down to 640, or 128kps or drops out completely.
> If it drops to a low speed (128kps), it will stay there until I manually
> reset the connection or until DSL goes down fully. On reset, it might get
> to a higher speed, it might not.

How are you seeing this?  Is your connection at the DSL modem actually 
dropping (re-negotiating) to a lower speed, or are you going by throughput?

> (I've yelled at them for weeks and they claim that there is nothing they
> can do: we are far from the station and the wires going from my work to
> the station are shared with 25 T1's and when the T1's are in use I get
> noise pickup and it drops the DSL connection.)

That's silly.  T1's are synchronous circuits and they're always "in 
use".  If they have an outside plant problem with cross-talk, they need 
to fix it.  Of course, they won't -- but they should.

> So what to do? I bought a cisco 678 (I was using their supplied ActionTek)
> and it seems to get slightly higher connection speeds. I also have a
> static ip address. I've got a minicom script that talks to the cisco modem
> and gets its connection speed. I also have a minicom script that runs "set
> int wan0 down" "set int wan0 up" to reset the DSL and allow me to connect
> (potentially) at a higher speed. I've got a little cron job that looks at
> the speed and how long it has been there and decides when to reset the
> DSL. This works fine, in that it now doesn't get hung at low speeds, as it
> will often get bumped down to 400kps for a few minutes, but 10 minutes
> later I can reconnect at (a blazing) 1024kps.

Oh, answers my first question.  Oops.

> But my problem is with NAT. When I do the reset, the cisco resets all its
> NAT tables and all the people using the internet get their connections
> reset. I'd like to not have this happen, but just have the connections
> pause (though potentially time out, I guess)  Now I've got a netgear
> firewall / router between my intranet and the cisco, so the cisco forwards
> everything to the 10.0.0.2 (the firewall) which does NAT to my intranet

Makes sense.

> Intranet (192.168.0.0/24) -> 192.168.0.1 (firewall intranet) -> 10.0.0.2
> (firewall outside) -> 10.0.0.1 (cisco wan0 ip) -> static internet IP
> 
> I've tried adding the line:
> 
> set nat entry add 10.0.0.2
> 
> so it forwards everything to 10.0.0.2. But my ssh connections (and
> whatnot) still get upset by the reset. Is there a better way to do this? I
> don't think Qwest supports bridging mode anymore (I'm using pppo[AE] I
> believe).

The sessions are probably being sent RST's when the router comes back 
up.  Sniffing might show up the cause of the actual loss of the 
sessions, but there probably won't be anything you can do about it.

> Any ideas on how to make the best of crummy dsl? As a side note, the
> internet was very slow all day on Jan 1st! This puts some doubt as to the
> problem being the T1's nearby being used, since I know none of our
> neighbors (low-tech shipping companies) were open on Sunday.

Sounds like standard upstream over-subscription.  Most DSL circuits are.

Too many people on, not enough bandwidth for all of them.

Basically it sounds like your circuit is simply too noisy to support the 
speeds you wish to run.  Your only real root-cause fix is to keep 
hounding Qwest to deliver what they've promised, speed-wise.  However, I 
think most of the cheap DSL contracts indicate that no performance 
guarantees are implied or given.  If you're on a small-biz contract, pick 
on your account rep.

The only way you're going to get guaranteed speeds into that facility 
(probably) is to purchase a T1 from someone.

Nate
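
Added example (not part of the original message): one way to follow up on the sniffing suggestion above is to tally which addresses sent TCP RSTs in the seconds after a wan0 reset. It assumes `tcpdump -n -tt` text output captured on the 10.0.0.x segment between the firewall and the Cisco; the capture lines, remote addresses and reset timestamp are constructed.

```python
import re
from collections import Counter

# One TCP/IPv4 line of `tcpdump -n -tt` text output (assumed capture format).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def rst_report(lines, reset_ts, window=120.0):
    """Tally RSTs seen within `window` seconds after the WAN reset.

    Returns (Counter of RST source IPs, [(secs_after_reset, rst_src, rst_dst)])
    with one list entry per distinct connection that was reset.
    """
    senders, flows, seen = Counter(), [], set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "R" not in m["flags"]:
            continue
        ts = float(m["ts"])
        if not reset_ts <= ts <= reset_ts + window:
            continue
        senders[m["src"]] += 1
        # Direction-independent key so both halves of a connection match.
        flow = frozenset([(m["src"], m["sport"]), (m["dst"], m["dport"])])
        if flow not in seen:
            seen.add(flow)
            flows.append((round(ts - reset_ts, 3), m["src"], m["dst"]))
    return senders, flows

# Constructed sample: 10.0.0.2 is the firewall's outside address from the
# thread; the remote hosts (documentation ranges) and timestamps are made up.
RESET_TS = 1136313455.0
SAMPLE = """\
1136313400.100000 IP 10.0.0.2.40001 > 192.0.2.10.22: Flags [P.], seq 1:49, ack 1, win 501, length 48
1136313460.250000 IP 10.0.0.2.40001 > 192.0.2.10.22: Flags [P.], seq 49:97, ack 1, win 501, length 48
1136313460.400000 IP 192.0.2.10.22 > 10.0.0.2.40001: Flags [R], seq 1, win 0, length 0
1136313461.000000 IP 10.0.0.2.40002 > 198.51.100.7.80: Flags [.], ack 1, win 501, length 0
1136313461.150000 IP 198.51.100.7.80 > 10.0.0.2.40002: Flags [R], seq 1, win 0, length 0
1136313461.900000 IP 198.51.100.7.80 > 10.0.0.2.40002: Flags [R], seq 1, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    senders, flows = rst_report(SAMPLE, RESET_TS)
    for ip, n in senders.most_common():
        print(f"{ip}: {n} RST(s)")
    for delay, src, dst in flows:
        print(f"+{delay}s  {src} reset connection to {dst}")
```

On that segment, an RST with source 10.0.0.2 came from the firewall side, while one with a remote source address arrived through the Cisco.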


