Solved: Re: 1921/K9 Throughput

dan.oancea · ‎09-13-2017

Hi everyone,

let me tell you a little about my network and the issue I'm having.

I have a Cisco 1921/K9 connected to the Gigabit FTTH from my ISP. From 1921/K9, I have a 2960CG with 2 trunk and 8 access ports. In the acces ports, I have an AP (Cisco 861W), a DVR, 2 NICs from my x3250 M2 server, my desktop and my gf's laptop.

With a FortiWiFi 60E, or with a FirtiGate 60E as the main router, the throughput to LAN reaches 1Gbps. With the 1921/K9, though, the throughput goes only up to 180Mbps and it's kind of disturbing, because I do not intend to use only 20% of my bandwidth, especially with the devices listed above as part of my LAN.

Bellow is the conf from 1921/K9. Could someone, please, tell me if there's any way I can increase the throughput of the router on NAT, or I'm just supposed to change the equipment?

I searched through the discussions before, searched google... nothing found about the throughput rate I'm having, nor about any resembling config.

Current configuration : 4118 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname homey-rt
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.2
ip dhcp excluded-address 10.10.1.33 10.10.1.34
ip dhcp excluded-address 10.10.1.65 10.10.1.66
ip dhcp excluded-address 10.10.1.98 10.10.1.99
!
ip dhcp pool vlan10-pool
 network 10.10.1.0 255.255.255.224
 domain-name domain.com
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.1.1
 lease 7
!
ip dhcp pool vlan20-pool
 network 10.10.1.32 255.255.255.224
 domain-name domain.com
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.1.33
 lease 7
!
ip dhcp pool vlan30-pool
 network 10.10.1.64 255.255.255.224
 domain-name domain.com
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.1.65
 lease 7
!
ip dhcp pool vlan888-pool
 network 10.10.1.96 255.255.255.224
 domain-name domain.com
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.1.98
 lease 7
!
!
!
no ip mfib
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1725713T
!
!
vtp mode transparent
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description RDS-WAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 bandwidth qos-reference 10000000
 no ip address
 duplex auto
 speed 1000
!
interface GigabitEthernet0/1.1
 description comps
 bandwidth qos-reference 10000000
 encapsulation dot1Q 10
 ip address 10.10.1.1 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
 description servers
 bandwidth qos-reference 10000000
 encapsulation dot1Q 20
 ip address 10.10.1.33 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
 description dvr
 bandwidth qos-reference 10000000
 encapsulation dot1Q 244
 ip address 10.10.1.65 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
 description management
 bandwidth qos-reference 10000000
 encapsulation dot1Q 888
 ip address 10.10.1.98 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer load-threshold 1 either
 dialer persistent
 dialer-group 1
 ppp pap sent-username <hidden_username> password 0 <hidden_pass>
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 100 interface Dialer1 overload
ip nat inside source static tcp 10.10.1.2 3389 interface Dialer1 3389
ip nat inside source static tcp 10.10.1.66 81 interface Dialer1 81
ip nat inside source static tcp 10.10.1.66 8101 interface Dialer1 8101
ip nat inside source static tcp 10.10.1.100 23 interface Dialer1 23
ip nat inside source static tcp 10.10.1.101 23 interface Dialer1 24
ip nat inside source static tcp 10.10.1.35 22 interface Dialer1 22
ip nat inside source static tcp 10.10.1.36 21 interface Dialer1 21
ip nat inside source static tcp 10.10.1.36 80 interface Dialer1 80
ip nat inside source static tcp 10.10.1.36 443 interface Dialer1 443
ip nat inside source static tcp 10.10.1.36 20 interface Dialer1 20
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
access-list 100 permit ip any any
!
!
!
control-plane
!
!
!
line con 0
 password <hidden_pass>
 login
line aux 0
 password <hidden_pass>
 login
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password <hidden_pass>
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Thank you for your patience,

Dan

Georg Pauwen · ‎09-13-2017

Dan,

Joseph and Colin are probably and unfortunately right and you are maxing out your Cisco router. The more features you turn on, the worse it gets...(:

That said, it might still be worth checking with your provider. The reliability of your physical interface is 254/255, it should be 255/255. This could indicate a line problem...

View solution in original post

Joseph W. Doherty · ‎09-13-2017

For a 1921, topping out at 180 Mbps is not unexpected. Cisco only recommends the 1921 for 15 Mbps (WAN). Details in the attachment.

dan.oancea · ‎09-13-2017

Thanks for your reply, Joseph.

What Cisco router do you recommend for a speed up to 1Gbps?

Thanks.

Georg Pauwen · ‎09-13-2017

Hello,

in addition to Joseph's post, I have made a few small adjustments (marked in bold) to your configuration, you might want to try those and see if that increases the throughput:

Current configuration : 4118 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname homey-rt
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip dhcp excluded-address 10.10.1.1 10.10.1.2
ip dhcp excluded-address 10.10.1.33 10.10.1.34
ip dhcp excluded-address 10.10.1.65 10.10.1.66
ip dhcp excluded-address 10.10.1.98 10.10.1.99
!
ip dhcp pool vlan10-pool
network 10.10.1.0 255.255.255.224
domain-name domain.com
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.1.1
lease 7
!
ip dhcp pool vlan20-pool
network 10.10.1.32 255.255.255.224
domain-name domain.com
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.1.33
lease 7
!
ip dhcp pool vlan30-pool
network 10.10.1.64 255.255.255.224
domain-name domain.com
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.1.65
lease 7
!
ip dhcp pool vlan888-pool
network 10.10.1.96 255.255.255.224
domain-name domain.com
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.1.98
lease 7
!
no ip mfib
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid CISCO1921/K9 sn FCZ1725713T
!
vtp mode transparent
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description RDS-WAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
--> no ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
bandwidth qos-reference 10000000
no ip address
duplex auto
speed 1000
!
interface GigabitEthernet0/1.1
description comps
bandwidth qos-reference 10000000
encapsulation dot1Q 10
ip address 10.10.1.1 255.255.255.224
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
description servers
bandwidth qos-reference 10000000
encapsulation dot1Q 20
ip address 10.10.1.33 255.255.255.224
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
description dvr
bandwidth qos-reference 10000000
encapsulation dot1Q 244
ip address 10.10.1.65 255.255.255.224
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
description management
bandwidth qos-reference 10000000
encapsulation dot1Q 888
ip address 10.10.1.98 255.255.255.224
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer idle-timeout 0
dialer load-threshold 1 either
dialer persistent
dialer-group 1
ppp pap sent-username <hidden_username> password 0 <hidden_pass>
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.10.1.2 3389 interface Dialer1 3389
ip nat inside source static tcp 10.10.1.66 81 interface Dialer1 81
ip nat inside source static tcp 10.10.1.66 8101 interface Dialer1 8101
ip nat inside source static tcp 10.10.1.100 23 interface Dialer1 23
ip nat inside source static tcp 10.10.1.101 23 interface Dialer1 24
ip nat inside source static tcp 10.10.1.35 22 interface Dialer1 22
ip nat inside source static tcp 10.10.1.36 21 interface Dialer1 21
ip nat inside source static tcp 10.10.1.36 80 interface Dialer1 80
ip nat inside source static tcp 10.10.1.36 443 interface Dialer1 443
ip nat inside source static tcp 10.10.1.36 20 interface Dialer1 20
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.10.1.0 0.0.0.255
!
control-plane
!
line con 0
password <hidden_pass>
login
line aux 0
password <hidden_pass>
login
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password <hidden_pass>
login
transport input all
!
scheduler allocate 20000 1000
!
end

dan.oancea · ‎09-13-2017

Not a chance, Georg, but thanks for the hint.

Made the changes, and the bandwidth decreased to 157Mbs down and 156Mbps up from 178 down and 182 up.

Georg Pauwen · ‎09-13-2017

Dan,

can you check if there is congestion on the interface: post the output of 'show interfaces GigabitEthernet0/0' and 'show interfaces Dialer1'.

dan.oancea · ‎09-13-2017

GigabitEthernet0/0 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is bc16.6533.aec0 (bia bc16.6533.aec0)
  Description: RDS-WAN
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 1d04h, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 23000 bits/sec, 1 packets/sec
     19560115 packets input, 2998993983 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     88370 input errors, 0 CRC, 0 frame, 88370 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     7849795 packets output, 1361866907 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 188.26.158.164/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 104/255, rxload 255/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 1d04h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 61000 bits/sec, 9 packets/sec
  5 minute output rate 23000 bits/sec, 1 packets/sec
     19541923 packets input, 2608408678 bytes
     7841336 packets output, 1204935027 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 91/255, rxload 255/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 1d04h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 61000 bits/sec, 10 packets/sec
  5 minute output rate 19000 bits/sec, 9 packets/sec
     19562181 packets input, 2608679318 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7841438 packets output, 1204940534 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

Ge0/0 and Dialer1 displayed.

Georg Pauwen · ‎09-13-2017

Hello,

you have input errors and overruns on the interface. Can you find out what is connected on the other end, and if speed and duplex settings match ?

Also, try and implement the below QoS setting. I would like to see if this reduces the overruns:

policy-map SHAPE_1GIG
class class-default
shape average 1000000000

Apply the policy to GigabitEthernet0/0:

service-policy output SHAPE_1GIG

dan.oancea · ‎09-13-2017

Sorry for the delayed answer... I had to rest for the night.

Ge0/0 is connected to a Huawei ONT, right next to the 1921. I'll have to check with the ISP the conf of thr ONT, since I, as a customer, am not allowed acces on the ONT.

L.E.: Made the changes. Bandwidth went to 137mbps D with 128mbps U

homey-rt#sh processes cpu
CPU utilization for five seconds: 92%/91%; one minute: 30%; five minutes: 23%

homey-rt#sh int gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is bc16.6533.aec0 (bia bc16.6533.aec0)
  Description: RDS-WAN
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 254/255, txload 3/255, rxload 4/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 1d13h, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/0 (size/max total/drops)
  5 minute input rate 17276000 bits/sec, 2007 packets/sec
  5 minute output rate 14074000 bits/sec, 1891 packets/sec
     20637811 packets input, 4151472204 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     104724 input errors, 0 CRC, 0 frame, 104724 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     8835279 packets output, 2221726264 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

homey-rt#sh int Dialer 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 188.26.158.164/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 255/255, rxload 255/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 1d13h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 16955000 bits/sec, 2010 packets/sec
  5 minute output rate 14543000 bits/sec, 1927 packets/sec
     20611784 packets input, 3741349242 bytes
     8805011 packets output, 2043673001 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 255/255, rxload 255/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 1d13h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 57
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 16954000 bits/sec, 2007 packets/sec
  5 minute output rate 13777000 bits/sec, 1891 packets/sec
     20610575 packets input, 3698958122 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     8808113 packets output, 2043822528 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

colin_n · ‎09-13-2017

Hey - I wouldn't even bother trying to tune a 1900 series to try and push 1Gbps through it - it's simply not capable. As you can see, the poor little box sitting at 92% CPU with all of the features you have turned on. :-)

If you want 1Gbps but still have a cisco box, you'll need either a 3900E off eBay, or a new 4400.

dan.oancea · ‎09-13-2017

Hey Colin.

Thanks for the input. For a 750 USD/month salary in Romania, I'm not sure I can afford a 4400 series for home use :)) at least without getting broke. I'll try to find a 3900E or 4400 series marked as broken, just like I found these ones that are working just fine :)

Georg Pauwen · ‎09-13-2017

Dan,

Joseph and Colin are probably and unfortunately right and you are maxing out your Cisco router. The more features you turn on, the worse it gets...(:

That said, it might still be worth checking with your provider. The reliability of your physical interface is 254/255, it should be 255/255. This could indicate a line problem...

dan.oancea · ‎09-14-2017

Georg, I'll change the Cat5e patch with a Cat6a or with a Cat7 and do some more testing. Anyway, I'll keep in mind to change the router, because the poor thing is not up to it and I'm topping it out.

Thanks for all your opinions and for your help. You're great, guys.

Have a great day, all of you.

Joseph W. Doherty · ‎09-14-2017

One of the high end ISR 4K series.

You might go for a model that's base rated at 1/2 gig, and if need to, software upgrade it to gig. Or, you might go with a model that's based rated at gig, and you could, if needed, software upgraded it to two gig.

exploitsi · ‎07-24-2022

Hello Everyone,

I am experiencing a similar configuration as described here. We have a 1921 which is connected in Gig to our SP's Metro Ethernet switch which is supposed to provide us a leased line of 100MB UP and Down. We are experiencing some slowness inside our network to join external application such as office 365. I was wondering if the 1921 could cause slowness as it can provide 15MBs throughput for Wan. We are only using it for OSPF with our SP and some ACL for filtering. I am not an expert but for what I understood the throughput of the cisco 1921 is depending of the services which are activated and summarization of the trafic going in and out of the box. Does the 15 Mbps Max within the datasheet include also the provided gigabit ethernet interfaces ?

Many thanks in advance

Kind Regards