One TCP session causes T1 latency to spike?

rwhite · ‎11-08-2004

Ok, I've scratched my head on this one long enough. Someone has to be able to help me with this.

I have a Cisco 2650 router connected to our T1, a pretty simple setup. The problem I'm having is that if a single session is opened to a fast site, like Microsoft, and a download started, it makes the latency on the T1 go to anywhere from 300-700ms (sometimes as high as 1 sec!), making the line almost unusable for anyone else. I have tested this in a variety of ways, unable to solve it. I have gone as far as to hook a machine directly up to the router to take any other hosts out of the equation, but it hasn’t helped.

The following is the config I’m currently using:

version 12.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

hostname sfo-rtr-01

boot-start-marker

boot system flash c2600-ik9s-mz.123-6.bin

boot system flash c2600-i-mz.123-6.bin

boot system flash c2600-i-mz.122-8.T10.bin

boot-end-marker

logging buffered 65536 debugging

enable secret xxxxxxxxxxxxxxxxxxxxx

username xxxxxxxxx secret xxxxxxxxxxxxxxxxxxxxx

no network-clock-participate slot 1

no network-clock-participate wic 0

aaa new-model

aaa authentication login default local

aaa session-id common

ip subnet-zero

ip cef

ip domain name xxxxxx.com

ip name-server 65.106.1.196

ip name-server 65.106.7.196

interface FastEthernet0/0

ip address xxx.xxx.xxx.xxx 255.255.255.224

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

interface Serial0/0

bandwidth 1544000

ip address xxx.xxx.xxx.xxx 255.255.255.252

no ip unreachables

encapsulation ppp

ip route-cache flow

load-interval 30

no ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

access-list 77 permit xxx.xxx.xxx.xxx 0.0.0.31

access-list 78 permit xxx.xxx.xxx.xxx

access-list 78 permit xxx.xxx.xxx.xxx 0.0.0.31

access-list 78 permit xxx.xxx.xxx.xxx 0.0.0.63

line con 0

line aux 0

line vty 0 4

access-class 78 in

transport input ssh

line vty 5 15

transport input none

ntp clock-period 17208232

ntp server 204.152.184.72 source FastEthernet0/0 prefer

ntp server 164.67.62.194 source FastEthernet0/0

From this, can anybody tell if there’s something drastically wrong? I’ve been administering T1’s for years and I’ve never seen this type of behavior. One single connection to a host with a fast pipe just knocks our service down, virtually! Isn’t the router on the other side of my T1 supposed to queue packets fairly by default (IE with no QoS setup), basically all the packets just get in line, so over time everything should get about the same bandwidth. If this was the case (as I believe it is), the latency shouldn’t skyrocket with only one inbound connection….it should take MANY more connections than this to fast pipes to affect our latency.

Anybody?

zodell · ‎11-08-2004

Have you put an ethernet sniffer on the FA0 side to verify that there isn't any weirdness being sent out your T1?

rwhite · ‎11-08-2004

I could, but I shouldn't have to :)

This is the second ISP we've tried in this building because of this problem, and we're having the exact same issue with both ISP's. Different routers, basic configuration, was is PPP the other is MFR. The only thing I can think of now is a problem at the circuit endpoint, because I believe both ISP's set us up at the same SBC POP.

For this brand new T1 I'm testing with, I have JUST the router and a single machine behind the router, so I can eliminate all the variables. I'm still having the same problem. Once single connection to a fast server on the internet causes the response time on our T1 to jump from 10ms to 300-700ms.

?!?!?

Please someone have an idea?

spremkumar · ‎11-08-2004

hi

do revert back whether ur T1 is error free also post ur interface stats here.

i m seein tht u hve enabled cache flow ,hv u tried anything to sniff off manually to find out whether any worm/virus traffic gettin in or out of ur network ?

if not then do chek tht too.hope u might hve got the mitigation practices released by cisco to ged rid out of these worm stuffs .

pls do apply tht if u smell any worm kind of thing in ur network.

do ping ur isps end point during normal conditions and also during downloading some files.chek for the variation in response time.

Also chek ur interface traffic stats both on ur T1 also on ur ethernet while downloading and in normal loading conditions.

regds

DELL ACORD · ‎11-09-2004

Are you using an WIC-T1-DSU/CSU internal card or an external CSU/DSU? Did you use the same CSU/DSU for the two different ISP's? If so, I would check the configuration of the CSU/DSU?

DTA

rwhite · ‎11-09-2004

I'm actually using a WIC-T1-DSU internal card. Both T1's are using different physical cards. One T1 is PPP, the other is Frame...but both have the exact same issue.

Shouldn't WFQ (the default setting) cause packets to be treated equally, thus allowing ICMP and other packets to get through while a really fast connection is pushing packets down the same pipe?

smif101 · ‎11-09-2004

One thing I would do is change the bandwidth command under your serial link to 1544, (the command is in kilobits). While not very likely, this could be causing your queueing to think there is more bandwidth available to use and the packets coming in are not regulated correctly. If that does not work than I would configure CBWFQ on your interface.