cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7821
Views
0
Helpful
18
Replies

high retransmission and duplicate ack in core router interface(ASR 1001)

Hello

we have network consists of NOC and more 15 branch office.branch offices are interconnect with 2960 switch in ring topology using fiber line.

At NOC we have 2 2960 switch terminating the fiber ring(both switch are interconnect etherchannel to complete the ring topology ) and 2 asr1001 routers and of the switch is connected to router with gig port

For past month client were complain internet speed.after doing investigations i have figured out that router port connecting to switch have high total output drop and high packet dropped from output queue.(i have cleared errors to make sure it wasn't old error counters but it increase immediately ) pictures included

I had SPAN switch port  connecting router and capture packets using Wireshark and after doing Bad TCP i have found found more than 10% and sometimes 30% bad tcp(retransmission, duplicate ack and TCP out of order )

Router interface configuration

interface GigabitEthernet0/0/1
description "All LAN Interface" - -Core-Sw1 - Gi1/0/48
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip tcp adjust-mss 1452
speed 1000
no negotiation auto
cdp enable
service-policy output Parent-LAN-Shaper
!

Switch interface configuration

interface GigabitEthernet1/0/48
description ** Connection to MOPT-CE-Router - Gi0/0/1
switchport trunk native vlan 299
switchport mode trunk
switchport nonegotiate
logging event trunk-status
speed 1000
duplex full
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
spanning-tree portfast
ip dhcp snooping trust
end

beforeclearcounters19.PNGinterfacebeofreclearing.PNGpktsdroppedfromoutputqueue.PNGwiresharkcapture.PNG

After reading some forums i have suspect that service policy was causing the issue and i have delete the service policy to see if it has any effect and after remove service policy from the router interface the output drop and packet dropped from output queue stopped.but i did another wireshark capture and we are still experience high number of retransmission and duplicate ack

we have more than 20 vlan and subinterface in router port

Any support is highly appreciated.

 

18 Replies 18

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Abdullah,

you have removed the output drops on the router ASR 1000 gi0/0/1 by removing the application of the policy map using

int gi0/0/1

no service-policy output Parent-LAN-Shaper

 

However, you still see a lot of TCP Duplicated ACK packets in wireshark capture made with a SPAN session of gi0/0/1.

By looking at the wireshark screen capture that you have provided we can see that the duplicated TCK Ack are coming from internal clients (they have source IP address that is private per RFC 1918 like 192.168.150.1 or 192.168.160.5 with a public destination address).

The TCP out of order events look like to happen in the opposite direction they have a public IP address source and a private destination address like 192.168.150.1 (again I would say).

You have 20 Vlans and corresponding subinterfaces on the router ASR 1000 gi0/0/1 interface.

I can guess that the ASR 1000 is providing the L3 default gateway for each Vlan with its own corresponding subinterface.

I would focus on the affected clients like 192.168.150.1 and 192.168.160.5.

Look at your ring topology for the correspoding Vlans where these hosts are connected to.

Is Spanning-tree stable for the Vlans involved?

All switches agree on the root bridge for these Vlans ?

use

show spanning-tree vlan X

to see the details

look for root bridge ID, all switches should agree on this.

look for the number of topology changes and the last happened.

 

If Spanning-tree is stable and all switches agree on the identity of the root bridge for affected Vlans, then look for the clients.

Locate the port where the client 192.168.150.1 is connected to.

Verify speed and duplex settings and if there are errors on the port with show interface.

Verify also the uplink of the switch C2960 to which the client is connected to and the inter switch links between this C2960 up to to reaching the router interface.

Again look for possible signs of congestion like output drops or input errors, on all the swiches ports in the path from client to the router (use spanning-tree to find out the actual path).

 

The duplicated ACKs come from internal network and are received on router interface.

This leads to think that something is not working on the L2 ring topology.

Either the spanning-tree protocol is not stable or some form of L2 congestion is happening somewhere.

 

Edit:

You have 15 sites with C2960 switches in a ring topology. Depending on the type of STP protocol you are using PVST Rapid PVST (are the more likely) you need to carefully choice the root bridge for each Vlan so that the STP BPDUs messages are considered valid (not expired ) by all switches otherwise your STP can be broken in two domains with different root bridge for each Vlan (for the expiration of STP BPDUs originated by the legitimate and intended root bridge. Remember that STP default  timers are thought for up to seven switch hops from root bridge).

 

Hope to help

Giuseppe

 

Thanks you Giuseppe for quick reply

1- Yes i have removed policy map by issuing no service-policy output Parent-LAN-Shaper command and it immediately stop dropping in output queue.

2-ASR 1000 is providing the L3 default gateway for each Vlan with its own corresponding subinterface like this

interface GigabitEthernet0/0/1.10
description "X LAN"
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!

3-All switches agree on the root bridge 

Some of switches spanning tree root bridge and e980 is the one of the two switch at NOC

First picture is from root bridge switch at NOC

switch2spanningtreesummary.PNG

cbsspanningtreeroot.PNGmofaspanningtreeroot.PNGtradespanningtreeroot.PNG

4-Locate the port where the client  are connected to.

i have only be able to find one with 10mb with full duplex. i am not sure if it's cause issue or not

informationport21.PNG

I think the spanning tree is stable but i can't figure out what could cause L2 congestion that effect all our network ?

Hello Abdullah,

from the output that you have provided we can see the following:

the first switch near the router is NOT the root bridge for all the existing Vlans for example it is not for Vlan 1, Vlan 222, Vlan225.

You can easily verify on the following screen captures from other switches:

the root cost and root bridge priority is different for Vlan1 and Vlan222.

The last switch MoTR-120-Sw is the root bridge for Vlan 222 as it reports cost 0 and no root port is listed.

 

As I have explained before in a ring topology the placement of the root bridge for each Vlan needs to be carefully planned.

 

About the user port it is working 10 Mbps full duplex but it shows some collisions and late collisions so check if the device on the other side of the link is working 10 Mbps full duplex.

Also the port is in what Vlan ?

You should also look at the interfaces on the path between the client and the router interface.

 

Hope to help

Giuseppe

 

Hi Giuseppe sorry for the late reply i have been out of work for personal reason.

while i was away my colleagues tried to resolve the issue but with no success.

i have remove vlan 222 because nobody was using the vlan and it had different root bridge than the other vlans

Now all Switches agreed the Switch in NOC is root bridge except vlan 1 it has different root bridge but Note we don't use vlan 1 even as NATIVE vlan.so i am not sure if it can use problem.

All Switches agreed in Root Bridge

spanningtree.PNG

I have also checked all interconnect links and other is no any indication of interface error

interface.PNG

All switches have different root bridge for VLAN 1(we don't use vlan 1 as native vlan) this switch is the root bridge for vlan 1

vlanone.PNG

I have hunch where the problem is but i want to be sure before i report to Up stream provider

i have been pinging our routers, one is in the NOC and the other one is at Upstream provider facility we have fiber connection between the ASR 1001 routers.i have notice ping all three routers(our two asr 1001 and upstream router aka our gateway router ) there is more than 20% packet loss when we ping the Upstream provider router

pingfromoffice2.PNG

66.246.82 is one our router in Upstream provider 66.246.81 is the Upstream router

I have also pinged from from my home(i use different ISP ) and the result is almost identical 

pingfromhome1.PNG

and these consistent it's not one off.

and lastly i have downloaded pingplotter(someone recommended ) and i think this demonstrate where the problem is perfectly

pingplotter.PNG

Also Wireshark capture shows 40% Bad TCP(retransmission and duplicate ack)

After all the evident can i conclude that the problem is the at router of our Upstream Provider not Local one 

 

I appreciate the help 

Hello Abdullah,

thanks for your detailed feedback.

The STP configuraton is now correct and you couldn't find evidence of errors on internal interfaces of the ring of switches.

Then you moved your attention to the upstream ISP router and you have find out that the error rate with ICMP ping tests is around 20%.

This might be caused by a policer for ICMP traffic applied inbound on upstream provider router interface.

You can easily see this if you try to use ping with a greater size. IF there is a policer the error rate should increase.

 

However, your wireshark capture shows high percentage of TCP bad packets (retransmissions and duplicate ACks).

 

I agree that at this point you can open a ticket with your  upstream ISP asking them to verify their router configuration and the link health. Ask if they apply a policer inbound and / or a shaper outbound to you to limit your available bandwidth.

 

Hope to help

Giuseppe

 

Thank Giuseppe for prompt response 

I have increase the packet of the ping to 1000byte and result seems same we are still experience around 20% packet loss

Is this mean that it not the  ICMP policy limiting the ping and there is other issues.???

pingwithhighpacket.PNG

Also we should have one STM-1(155mbps) bandwidth but we are averaging 70-80mbps even though i have remove bandwidth shaper from our router internet experience is very slow.

 

Highly appreciate the help.

Hello,

 

can you post the configuration of the WAN interface (the one with 'ip nat outside' configured), or better yet the entire configuration of your WAN router ?

Here are the configuration of router at NOC.we have to connection to our router at Upstream Provider facility.(primary and secondary fiber) PRIMARY PORT interface GigabitEthernet0/0/0 description "Primary Fiber Connection to -PE-Router-Gi0/0/0 bandwidth 158720 ip address ###.11.62.5 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip nbar protocol-discovery ip flow monitor MONITOR-1 input negotiation auto end SECONDARY PORT interface GigabitEthernet0/0/2 description "Secondary Fiber Connection to PE-Router-Gi0/0/2 bandwidth 158720 ip address ###.11.62.69 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip nbar protocol-discovery negotiation auto

Hello,

 

what are the below used for (are they being used at all) ?

 

ip nbar protocol-discovery

ip flow monitor MONITOR-1 input

We don't use netflow anymore.there is no collector software.but nbar is configure most of our interface as you can see in full router configuration i have posted earlier

Hello Abdullah,

if your interface is a GE interface but then it is connected to a device that performs Ethernet over SDH you need to apply a shaper in output direction otherwise GE interface can send bursts of traffic that can cause buffer drops on the SDH equipment that are not seen on the ISP router interface and in your router.

Also the ISP router should use a shaper towards your router to accomodate for the use of ethernet over SDH.

You need to take in account possible overheads of transporting ethernet over SDH so I would use a shaper with speed 145 Mbps to be sure to be under the possible limitations of transport device.

 

Also the observation made by Georg is important about using NBAR and netflow on the same interface.

Usually you should enable netflow or NBAR and not both. On some platforms these two features are not compatible. In your case they are allowed but you are adding load to your router.

You should remove the NBAR if you are exporting netflow data to a netflow collector.

 

policy-map SHAPER

class class-default

shape average 145000000

! you can eventually use a CHILD policy that performs CBWFQ or LLQ

 

int gi0/0/0

service-policy out SHAPER

 

You should apply this change and check if behaviour change.

 

Hope to help

Giuseppe

 

Here is the full configuration of router

I have change name and hide IP address for security reasons 


Current configuration : 16763 bytes
!
! Last configuration change at 11:21:18
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname c
!
boot-start-marker
boot system flash bootflash:asr1001x-universalk9.03.15.01.S.155-2.S1-std.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5
!
aaa new-model
!
!
aaa authentication login console local
!
!
!
!
!
aaa session-id common
clock timezone
!
!
!
!
!
!
!
!
!


ip domain name 
ip name-server 9.9.9.9
ip name-server 8.8.8.8

ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.1 192.168.40.10
ip dhcp excluded-address 192.168.40.254
ip dhcp excluded-address 192.168.50.1 192.168.50.10
ip dhcp excluded-address 192.168.50.254
ip dhcp excluded-address 192.168.60.1 192.168.60.10
ip dhcp excluded-address 192.168.60.254
ip dhcp excluded-address 192.168.70.1 192.168.70.10
ip dhcp excluded-address 192.168.70.254
ip dhcp excluded-address 192.168.80.1 192.168.80.10
ip dhcp excluded-address 192.168.80.254
ip dhcp excluded-address 192.168.90.1 192.168.90.10
ip dhcp excluded-address 192.168.90.254
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.100.254
ip dhcp excluded-address 192.168.110.1 192.168.110.10
ip dhcp excluded-address 192.168.110.254
ip dhcp excluded-address 192.168.120.1 192.168.120.10
ip dhcp excluded-address 192.168.120.254
ip dhcp excluded-address 192.168.130.1 192.168.130.10
ip dhcp excluded-address 192.168.130.254
ip dhcp excluded-address 192.168.140.1 192.168.140.10
ip dhcp excluded-address 192.168.140.254
ip dhcp excluded-address 192.168.150.1 192.168.150.10
ip dhcp excluded-address 192.168.150.254
ip dhcp excluded-address 192.168.10.1 192.168.10.14
ip dhcp excluded-address 192.168.10.254
ip dhcp excluded-address 192.168.160.1 192.168.160.10
ip dhcp excluded-address 192.168.160.254
ip dhcp excluded-address 192.168.170.1 192.168.170.10
ip dhcp excluded-address 192.168.170.254
!
ip dhcp pool Vlan_50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 8.8.8.8
lease 8
!
ip dhcp pool VLAN_20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_40
network 192.168.40.0 255.255.255.0
default-router 192.168.40.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_60
network 192.168.60.0 255.255.255.0
default-router 192.168.60.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_70
network 192.168.70.0 255.255.255.0
default-router 192.168.70.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_120
network 192.168.120.0 255.255.255.0
default-router 192.168.120.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_130
network 192.168.130.0 255.255.255.0
default-router 192.168.130.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_140
network 192.168.140.0 255.255.255.0
default-router 192.168.140.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN150
network 192.168.150.0 255.255.255.0
default-router 192.168.150.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_80
network 192.168.80.0 255.255.255.0
default-router 192.168.80.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_110
network 192.168.110.0 255.255.255.0
default-router 192.168.110.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_160
network 192.168.160.0 255.255.255.0
default-router 192.168.160.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool VLAN_170
network 192.168.170.0 255.255.255.0
default-router 192.168.170.254
dns-server 9.9.9.9
lease 8
!
ip dhcp pool Vlan_90
network 192.168.90.0 255.255.255.0
default-router 192.168.90.254
dns-server 9.9.9.9
lease 8
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
flow exporter CE-ROUTER
destination 192.168.10.246
source GigabitEthernet0/0/0
transport udp 1600
export-protocol netflow-v5
!
!
flow monitor MONITOR-1
exporter CE-ROUTER
record netflow ipv4 original-input
!
multilink bundle-name authenticated
!
!
license udi pid ASR1001-X
!
username m
username n
!
redundancy
mode none
!
!
cdp run
!
ip ssh time-out 60
ip ssh version 2
!
class-map match-all Ed
match access-group 114
class-map match-all Ben
match access-group 108
class-map match-all MoFi
match access-group 107
class-map match-all FA
match access-group 110
class-map match-all PT
match access-group 101
class-map match-all E
match access-group 116
class-map match-all U
match access-group 103
class-map match-all BS
match access-group 106
class-map match-all PM
match access-group 113
class-map match-all MR
match access-group 117
class-map match-all Pet
match access-group 105
class-map match-all Tra
match access-group 102
class-map match-all D
match access-group 111
class-map match-all I
match access-group 115
class-map match-all Jus
match access-group 109
class-map match-all T
match access-group 112
class-map match-all Y
match access-group 104
!
policy-map Jus
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop
policy-map U
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map E
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map Pet
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop
policy-map Ben
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map BS
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map MR
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map PT
class class-default
police cir 41943000 bc 1000000
conform-action transmit
exceed-action drop
policy-map Tra
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop
policy-map Y
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map Fi
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop
policy-map FA
class class-default
police cir 15728500 bc 1000000
conform-action transmit
exceed-action drop
policy-map D
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop
policy-map PM
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map Ed
class class-default
police cir 5242500 bc 1000000
conform-action transmit
exceed-action drop
policy-map I
class class-default
police cir 10485500 bc 1000000
conform-action transmit
exceed-action drop

policy-map Parent-LAN-Shaper
class PT
service-policy PT
class Tra
service-policy Tra
class Y
service-policy Y
class Pet
service-policy Pet
class BS
service-policy BS
class Fi
service-policy Fi
class Ben
service-policy Ben
class Jus
service-policy Jus
class FA
service-policy FA
class D
service-policy D
class PM
service-policy PM
class Ed
service-policy Ed
class I
service-policy I
class U
service-policy U
class E
service-policy E
class MR
service-policy MR
!
!
!
!
!
!
interface Loopback0
ip address ##.11.62.129 255.255.255.192
!
interface Loopback1
ip address ##.11.62.77 255.255.255.255
!
interface TenGigabitEthernet0/0/0
no ip address
shutdown
!
interface TenGigabitEthernet0/0/1
no ip address
shutdown
!
interface GigabitEthernet0/0/0
description "Primary Fiber Connection to PE-Router-Gi0/0/0
bandwidth 158720
ip address ##.11.62.5 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nbar protocol-discovery
ip flow monitor MONITOR-1 input
negotiation auto
!
interface GigabitEthernet0/0/1
description "All LAN Interface" - Sw1 - Gi1/0/48
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip tcp adjust-mss 1452
speed 1000
no negotiation auto
cdp enable
service-policy output Parent-LAN-Shaper
!
interface GigabitEthernet0/0/1.10
description "MP LAN"
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.20
description "TRA LAN"
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.30
description "U LAN"
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.40
description "Y LAN"
encapsulation dot1Q 40
ip address 192.168.40.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.50
description "Pet LAN"
encapsulation dot1Q 50
ip address 192.168.50.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.60
description "BS LAN"
encapsulation dot1Q 60
ip address 192.168.60.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.70
description "Fi LAN"
encapsulation dot1Q 70
ip address 192.168.70.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.80
description "Ben LAN"
encapsulation dot1Q 80
ip address 192.168.80.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.90
description "Jus LAN"
encapsulation dot1Q 90
ip address 192.168.90.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.100
description "FA LAN"
encapsulation dot1Q 100
ip address 192.168.100.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.110
description "D LAN"
encapsulation dot1Q 110
ip address 192.168.110.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.120
description "Tra&C LAN"
encapsulation dot1Q 120
ip address 192.168.120.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.130
description "PM LAN"
encapsulation dot1Q 130
ip address 192.168.130.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.140
description "Ed LAN"
encapsulation dot1Q 140
ip address 192.168.140.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.150
description "I LAN"
encapsulation dot1Q 150
ip address 192.168.150.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.160
description "E LAN"
encapsulation dot1Q 160
ip address 192.168.160.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.170
description "MR LAN"
encapsulation dot1Q 170
ip address 192.168.170.254 255.255.255.0
ip nat inside
ip nbar protocol-discovery
!
interface GigabitEthernet0/0/1.201
description ** Management - **
encapsulation dot1Q 201
ip address 10.1.1.254 255.255.255.0
!
!
interface GigabitEthernet0/0/2
description "Secondary Fiber Connection to PE-Router-Gi0/0/2
bandwidth 158720
ip address ##.11.62.69 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nbar protocol-discovery
negotiation auto
!
interface GigabitEthernet0/0/3
description Tertiary Radio Connection to PE-Router-Gi0/0/3
bandwidth 158720
ip address ##.11.62.73 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
interface ATM0/1/0
no ip address
shutdown
no atm enable-ilmi-trap
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
!
router eigrp 90
network ##.11.62.0 0.0.0.3
network ##.11.62.1 0.0.0.0
network ##.11.62.4 0.0.0.3
network ##.11.62.68 0.0.0.3
network ##.11.62.73 0.0.0.0
network ##.11.62.76 0.0.0.3
network ##.11.62.80 0.0.0.7
network ##.11.62.128 0.0.0.63
network ##.11.62.193 0.0.0.0

!
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat pool M ##.11.62.130 ##.11.62.190 prefix-length 26
ip nat inside source list 10 pool M overload
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 ##.11.62.6
ip route 0.0.0.0 0.0.0.0 ##.11.62.70 2
!
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 101 permit ip any 192.168.10.0 0.0.0.255
access-list 102 permit ip any 192.168.20.0 0.0.0.255
access-list 103 permit ip any 192.168.30.0 0.0.0.255
access-list 104 permit ip any 192.168.40.0 0.0.0.255
access-list 105 permit ip any 192.168.50.0 0.0.0.255
access-list 106 permit ip any 192.168.60.0 0.0.0.255
access-list 107 permit ip any 192.168.70.0 0.0.0.255
access-list 108 permit ip any 192.168.80.0 0.0.0.255
access-list 109 permit ip any 192.168.90.0 0.0.0.255
access-list 110 permit ip any 192.168.100.0 0.0.0.255
access-list 111 permit ip any 192.168.110.0 0.0.0.255
access-list 112 permit ip any 192.168.120.0 0.0.0.255
access-list 113 permit ip any 192.168.130.0 0.0.0.255
access-list 114 permit ip any 192.168.140.0 0.0.0.255
access-list 115 permit ip any 192.168.150.0 0.0.0.255
access-list 116 permit ip any 192.168.160.0 0.0.0.255
access-list 117 permit ip any 192.168.170.0 0.0.0.255
!
snmp-server community M
snmp-server community D
!
!
!
!
control-plane
!
banner motd ^C
#############################################################
#############################################################
## ##
## WARNING: UNAUTHORIZED ACCESS IS PROHIBITED ##
## ##
## You have access a sytem operated by M. You are ##
## required to have an authorization from the system ##
## administrator before using this system. ##
## ##
## If You are authorized, Please Proceed with your ##
## username and Password. Otherwise, You must disconnect ##
## immediately to avoid legal consequences ##
## ##
#############################################################
#############################################################


^C
!
line con 0
login authentication console
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class ssh in
exec-timeout 30 0
transport input ssh
!
ntp server
!
end

 

have change name and hide IP for security reasons

 

 

Hello Abdullah,

if there is an SDH network in the middle between your router GE interfaces and the PE router interfaces you need a shaper.

the command

>> bandwidth 158720

does not provide a shaping action, it is a reference bandwidth for QoS and it is used by EIGRP as metric component.

As I have explained in previous post, issues on the link can still be present, but both routers on your side and on provider side need to use a SHAPER to accomodate the line speed of 1000 Mbps to 140 Mbps in order to avoid to have packets lost in the SDH transport network.

You can apply the suggested SHAPER policy using a bandwidth of 140 Mbps.

If behaviour does not change you can open a ticket with the upstream ISP.

 

Hope to help

Giuseppe

 

Giuseppe i have scheduled to do that tomorrow.today we have couple of meetings.

Core Switch >>>>>>NAT router>>>>>>>Router connect to Upstream Provider >>>>>>>Upstream provider router
where should i apply the sharper.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco