Issue Description
A device connects to the Internet through two WAN interfaces. The device can normally access the Internet through one WAN interface using a fixed IP address. However, the device cannot properly access the Internet through the other WAN interface using PPPoE dial-up. The network access rate is low and a web page is displayed after it is refreshed multiple times.
Handling Process
The "PC-router-Internet" networking is tested and services are also abnormal.
If the WAN interface using a fixed IP address is changed to use PPPoE dial-up, the fault also occurs. If the WAN interface using PPPoE dial-up is changed to use a fixed IP address, the device can normally access the Internet through the interface. The ISP remains unchanged.
The "PC-Internet" networking is tested and no fault occurs. Therefore, the PC works properly.
Run the tcp adjust-mss command to set the TCP MSS value of the dial-up interface to 1400, 1200, or 900. The fault persists.
In the "PC-router-Internet" networking, only one WAN interface using PPPoE dial-up is tested and the fault persists. Run the display health and display interface commands. The command outputs show that the CPU usage and uplink bandwidth usage of the interface are normal, and the interface is negotiated to work in full-duplex mode.
Run the display fe slot 0 fe-id 0 fwd-status all command to check the packet forwarding status of the device. No severe packet loss occurs.
<Huawei> system
[Huawei] diagnose
[Huawei-diagnose] display fe slot 0 fe-id 0 fwd-status all
********************** FPA POOL STATE ***********************
FPA INT SUM : 0x0000000000000000
FPA POOL 0 : 487
FPA POOL 1 : 21483
FPA POOL 2 : 124
FPA POOL 3 : 2041
FPA POOL 4 : 0
FPA POOL 5 : 2036
FPA POOL 6 : 0
FPA POOL 7 : 3072
********* PKO STATE (Only show abnormal PKO Queues) **********
************** Thread Active State Counter Value ***************
Thread Id 1 : 0x00000000303e3524
Thread Id 2 : 0x00000000335c1d64
Thread Id 3 : 0x0000000030abdc44
********************* VFP_OCTEON_GET_STATS *********************
VFP_OCTEON_STATS( port: 0 ),
rx_pkts 2831557901,
tx_pkts 2581402565,
rx_bytes 2000777919,
tx_bytes 2917281127,
rx_crc_err 0,
rx_frame_err 1,
rx_dropped_packets 0
Run the display session number command to check the number of session entries on the device. In peak hours, the number reaches the performance bottleneck of 16K.
[Huawei] display session number
The total number of session tables is: 16100
[Huawei] display session number
The total number of session tables is: 16045
[Huawei] display session number
The total number of session tables is: 16002
Optimize NAT deployment on the intranet interface so that the number of session entries is smaller than the maximum value and users can normally access the Internet.
#
vlan batch 2
#
acl number 3002
rule 5 permit ip source x.x.x.x 0.0.0.255 destination y.y.y.y 0
#
interface Vlanif2
ip address a.a.a.a 255.255.255.0
nat outbound 3002
#
return
