Re: 2611 slow throughput

jeremy · ‎12-29-2004

I am having a problem with my 2611's throughput. Proc CPU never gets above 65%, have tried it w/ & w/o CEF, have tried ACL 1 & 150. It just drags along. The problem is more drastic from the outside (internet) My 2501 runs faster than the 2611. Could this be a memory problem and how would I find out? config below.

xxx#sh run

Building configuration...

Current configuration : 3167 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname xxx

!

boot-start-marker

boot-end-marker

!

enable secret xxx

!

username xxx password 0 xxx

clock timezone CST -6

no aaa new-model

ip subnet-zero

no ip cef

!

ip audit po max-events 100

no ftp-server write-enable

!

interface Ethernet0/0

description Connected to Trango/Senao Cloud

ip address 67.xxx.xxx.xxx 255.xxx.xxx.xxx

ip access-group 1 in

ip access-group 1 out

no ip unreachables

no ip route-cache

no ip mroute-cache

full-duplex

!

interface Serial0/0

bandwidth 1544

no ip address

no ip unreachables

encapsulation frame-relay IETF

no ip route-cache

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

description Connected to Internet Sprint Frame-Relay

ip address 207.xxx.xxx.xxx 255.xxx.xxx.xxx

ip access-group 1 in

ip access-group 1 out

no ip unreachables

no ip route-cache

no ip mroute-cache

frame-relay interface-dlci 19

!

interface Ethernet0/1

description Connected to local network

ip address 207.xxx.xxx.xxx 255.255.xxx.xxx

ip access-group 1 in

ip access-group 1 out

no ip unreachables

no ip route-cache

no ip mroute-cache

full-duplex

!

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

(snip)

!

access-list 1 permit any

access-list 150 remark Specifically block ICMP fragments

access-list 150 deny icmp any any fragments

access-list 150 remark Permit inbound ping

access-list 150 permit icmp any any echo

access-list 150 remark Permit inbound ping response

access-list 150 permit icmp any any echo-reply

access-list 150 remark Permit Path MTU to function

access-list 150 permit icmp any any packet-too-big

access-list 150 remark Permit time exceeded messages for traceroute and loops

access-list 150 permit icmp any any time-exceeded

access-list 150 remark And explicitly block all other icmp packets

access-list 150 deny icmp any any

access-list 150 deny udp any any eq tftp

access-list 150 deny udp any any eq 135

access-list 150 deny udp any any eq netbios-ns

access-list 150 deny udp any any eq netbios-dgm

access-list 150 deny udp any any eq netbios-ss

access-list 150 deny tcp any any eq 135

access-list 150 deny tcp any any eq 139

access-list 150 deny tcp any any eq 445

access-list 150 deny tcp any any eq 593

access-list 150 deny tcp any any eq 4444

access-list 150 remark And permit everything else (or add additional ACLs here)

access-list 150 permit ip any any

!

line con 0

password xxx

login local

line aux 0

line vty 0 4

password xxx

login local

line vty 5 15

password xxx

login local

!

end

jeremy · ‎12-29-2004

Here is some additional information if it helps. Thanks for any help in advance.

JK

Hldn_2611#sh int sum

*: interface is up

IHQ: pkts in input hold queue IQD: pkts dropped from input queue

OHQ: pkts in output hold queue OQD: pkts dropped from output queue

RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)

TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)

TRTL: throttle count

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL

------------------------------------------------------------------------

* Ethernet0/0 0 18 0 0 2000 3 9000 14 0

* Serial0/0 10 60645 0 204 339000 116 169000 159 0

* Serial0/0.1 - - - - - - - - -

* Ethernet0/1 8 774361 0 0 202000 183 355000 131 0

NOTE:No separate counters are maintained for subinterfaces

Hence Details of subinterface are not shown

Hldn_2611#sh mem sum

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor 8158F4C0 40716856 3973272 36743584 36622584 36231136

I/O 3C00000 4194304 1742648 2451656 2214752 2110240

sh int eth 0/0

Description: Connected to Trango/Senao Cloud

Internet address is 67.xxx.xxx.xxx

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:02, output 00:00:00, output hang never

Last clearing of "show interface" counters 1w1d

Input queue: 0/75/18/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 1000 bits/sec, 3 packets/sec

5 minute output rate 8000 bits/sec, 13 packets/sec

5331603 packets input, 603084748 bytes, 0 no buffer

Received 55358 broadcasts, 0 runts, 0 giants, 0 throttles

22538 input errors, 22538 CRC, 11343 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

12141783 packets output, 681175797 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

sh int eth 0/1

Description: Connected to local network

Internet address is 207.xxx.xxx.xxx

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 10/255, rxload 3/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters 1w5d

Input queue: 0/75/774361/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 146000 bits/sec, 99 packets/sec

5 minute output rate 411000 bits/sec, 109 packets/sec

195785735 packets input, 2926283001 bytes, 7 no buffer

Received 144358 broadcasts, 0 runts, 0 giants, 0 throttles

3387494 input errors, 3387492 CRC, 1691666 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

164864663 packets output, 3364708637 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

hando · ‎01-01-2005

A few suggestions at this moment, as shown in your configuration, you may use access-list 150 later on. However, you do not require access-list 1 so you can remove access-group on the interface.

And after you turn off ip cef, it has disabled all route cache on interfaces and force to be processing switching. It is better to turn ip route-cache.

Besides, Cisco2500 series ethernet interface is half-duplex. And I see your cisco2611 ethernet interfaces are in full duplex, it may be the problem causing so many input errors, CRC and frame. Trying reconfigure to half duplex instead.

To see it can help to improve the performance.

mrmozaffari · ‎01-03-2005

i think to use cef u should enable "ip route-cache"

on interfaces.

Tsasbrink · ‎01-03-2005

he seems to have a duplex fault.

if you look at his crc error counter on e0/1 it seems obvious that or he should force the other side of e0/1 to full duplex or set e0/1 to half and it will work fine.

Kevin Dorrell · ‎01-03-2005

I agree. The reason his 2500 works so well is that it only supports half-duplex. Maybe the other side is in auto, in which case it will revert to half duplex when talking to an Ethernet (as opposed to FastEthernet) interface, even if the router is configured as full.

Kevin Dorrell

Luxembourg

a-greaves · ‎01-10-2005

A good thing to configure on any Router is a log that displays issues/errors etc depending on the chosen level of reporting. To see if you have any duplex problems type following:

conf t

logging buff 8192 notifications

ctl^z

After a minute or so, type 'show log' You should then see messages showing ethernet duplex-problems.

regards

glen.grant · ‎01-03-2005

You have a speed/duplex mismatch problem on E0 , also you appear to have no fast switching at all turned on . On each interface enable ip route-cache , this will also bring your cpu way down . Also not sure what you are trying to do with access-list 1 with the permit any statement , this is forcing the router to look at every single packet which will also drive the cpu way up and slow things down , pull this access list and the corresponding statements on your interfaces .

jeremy · ‎01-04-2005

Thanks for all the suggestions folks. The access-group 1 was just a test to see if it changed my cpu much - it didn't because there wasn't much traffic then.

Kevin Dorrell · ‎01-04-2005

It didn'd also because you have no ip cef and no ip route-cache, which forces all packets to be process-switched. Processing the access-list is insignificant compared to the load caused by process-switching.

Kevin Dorrell

Luxembourg