12-29-2004 08:29 AM - edited 03-02-2019 08:49 PM
I am having a problem with my 2611's throughput. Proc CPU never gets above 65%, have tried it w/ & w/o CEF, have tried ACL 1 & 150. It just drags along. The problem is more drastic from the outside (internet) My 2501 runs faster than the 2611. Could this be a memory problem and how would I find out? config below.
xxx#sh run
Building configuration...
Current configuration : 3167 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
enable secret xxx
!
username xxx password 0 xxx
clock timezone CST -6
no aaa new-model
ip subnet-zero
no ip cef
!
!
!
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
description Connected to Trango/Senao Cloud
ip address 67.xxx.xxx.xxx 255.xxx.xxx.xxx
ip access-group 1 in
ip access-group 1 out
no ip unreachables
no ip route-cache
no ip mroute-cache
full-duplex
!
interface Serial0/0
bandwidth 1544
no ip address
no ip unreachables
encapsulation frame-relay IETF
no ip route-cache
no ip mroute-cache
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description Connected to Internet Sprint Frame-Relay
ip address 207.xxx.xxx.xxx 255.xxx.xxx.xxx
ip access-group 1 in
ip access-group 1 out
no ip unreachables
no ip route-cache
no ip mroute-cache
frame-relay interface-dlci 19
!
interface Ethernet0/1
description Connected to local network
ip address 207.xxx.xxx.xxx 255.255.xxx.xxx
ip access-group 1 in
ip access-group 1 out
no ip unreachables
no ip route-cache
no ip mroute-cache
full-duplex
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
(snip)
!
!
access-list 1 permit any
access-list 150 remark Specifically block ICMP fragments
access-list 150 deny icmp any any fragments
access-list 150 remark Permit inbound ping
access-list 150 permit icmp any any echo
access-list 150 remark Permit inbound ping response
access-list 150 permit icmp any any echo-reply
access-list 150 remark Permit Path MTU to function
access-list 150 permit icmp any any packet-too-big
access-list 150 remark Permit time exceeded messages for traceroute and loops
access-list 150 permit icmp any any time-exceeded
access-list 150 remark And explicitly block all other icmp packets
access-list 150 deny icmp any any
access-list 150 deny udp any any eq tftp
access-list 150 deny udp any any eq 135
access-list 150 deny udp any any eq netbios-ns
access-list 150 deny udp any any eq netbios-dgm
access-list 150 deny udp any any eq netbios-ss
access-list 150 deny tcp any any eq 135
access-list 150 deny tcp any any eq 139
access-list 150 deny tcp any any eq 445
access-list 150 deny tcp any any eq 593
access-list 150 deny tcp any any eq 4444
access-list 150 remark And permit everything else (or add additional ACLs here)
access-list 150 permit ip any any
!
line con 0
password xxx
login local
line aux 0
line vty 0 4
password xxx
login local
line vty 5 15
password xxx
login local
!
!
end
12-29-2004 08:55 AM
Here is some additional information if it helps. Thanks for any help in advance.
JK
Hldn_2611#sh int sum
*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------
* Ethernet0/0 0 18 0 0 2000 3 9000 14 0
* Serial0/0 10 60645 0 204 339000 116 169000 159 0
* Serial0/0.1 - - - - - - - - -
* Ethernet0/1 8 774361 0 0 202000 183 355000 131 0
NOTE:No separate counters are maintained for subinterfaces
Hence Details of subinterface are not shown
Hldn_2611#sh mem sum
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 8158F4C0 40716856 3973272 36743584 36622584 36231136
I/O 3C00000 4194304 1742648 2451656 2214752 2110240
sh int eth 0/0
Description: Connected to Trango/Senao Cloud
Internet address is 67.xxx.xxx.xxx
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w1d
Input queue: 0/75/18/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 3 packets/sec
5 minute output rate 8000 bits/sec, 13 packets/sec
5331603 packets input, 603084748 bytes, 0 no buffer
Received 55358 broadcasts, 0 runts, 0 giants, 0 throttles
22538 input errors, 22538 CRC, 11343 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
12141783 packets output, 681175797 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
sh int eth 0/1
Description: Connected to local network
Internet address is 207.xxx.xxx.xxx
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 10/255, rxload 3/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w5d
Input queue: 0/75/774361/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 146000 bits/sec, 99 packets/sec
5 minute output rate 411000 bits/sec, 109 packets/sec
195785735 packets input, 2926283001 bytes, 7 no buffer
Received 144358 broadcasts, 0 runts, 0 giants, 0 throttles
3387494 input errors, 3387492 CRC, 1691666 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
164864663 packets output, 3364708637 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
01-01-2005 02:11 AM
A few suggestions at this moment, as shown in your configuration, you may use access-list 150 later on. However, you do not require access-list 1 so you can remove access-group on the interface.
And after you turn off ip cef, it has disabled all route cache on interfaces and force to be processing switching. It is better to turn ip route-cache.
Besides, Cisco2500 series ethernet interface is half-duplex. And I see your cisco2611 ethernet interfaces are in full duplex, it may be the problem causing so many input errors, CRC and frame. Trying reconfigure to half duplex instead.
To see it can help to improve the performance.
01-03-2005 01:17 AM
i think to use cef u should enable "ip route-cache"
on interfaces.
01-03-2005 11:16 AM
he seems to have a duplex fault.
if you look at his crc error counter on e0/1 it seems obvious that or he should force the other side of e0/1 to full duplex or set e0/1 to half and it will work fine.
01-03-2005 11:57 AM
I agree. The reason his 2500 works so well is that it only supports half-duplex. Maybe the other side is in auto, in which case it will revert to half duplex when talking to an Ethernet (as opposed to FastEthernet) interface, even if the router is configured as full.
Kevin Dorrell
Luxembourg
01-10-2005 06:25 AM
A good thing to configure on any Router is a log that displays issues/errors etc depending on the chosen level of reporting. To see if you have any duplex problems type following:
conf t
logging buff 8192 notifications
ctl^z
After a minute or so, type 'show log' You should then see messages showing ethernet duplex-problems.
regards
01-03-2005 04:22 PM
You have a speed/duplex mismatch problem on E0 , also you appear to have no fast switching at all turned on . On each interface enable ip route-cache , this will also bring your cpu way down . Also not sure what you are trying to do with access-list 1 with the permit any statement , this is forcing the router to look at every single packet which will also drive the cpu way up and slow things down , pull this access list and the corresponding statements on your interfaces .
01-04-2005 07:27 AM
Thanks for all the suggestions folks. The access-group 1 was just a test to see if it changed my cpu much - it didn't because there wasn't much traffic then.
01-04-2005 07:55 AM
It didn'd also because you have no ip cef and no ip route-cache, which forces all packets to be process-switched. Processing the access-list is insignificant compared to the load caused by process-switching.
Kevin Dorrell
Luxembourg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide