problem with a cisco 2600 router HELP!!!

comechivos · ‎09-15-2005

Hi,

We’re having problems with a cisco 2600. It has two full T1 lines connected to the two serial ports and it seems to be creating a loop.

The situation is the following:

If we leave serial 0 up and shut down serial 1, speed is 1.5Mbps

If we leave serial 1 up and shut down serial 0, speed is 1.5Mbps

If we leave both serial 0 and serial 1 up, speed is about 0.3Mbps

here, is the running-config:

vrz-gw>ena

Password:

vrz-gw#show runn

Building configuration...

Current configuration : 2402 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname vrz-gw

!

aaa new-model

enable secret 5 xxxxxxxxxxxxxxxxxxxxx.

enable password xxxxxxxxx

!

username xxxx password 0 xxxxxxxx

ip subnet-zero

no ip source-route

ip cef

!

ip name-server 141.45.32.xxx

ip dhcp excluded-address 10.0.xxx.0 10.100.255.255

ip dhcp excluded-address 10.xxx.0.0 10.255.255.255

!

ip dhcp pool 540-main

network 10.0.xxx.0 255.0.0.0

dns-server 141.45.xxx.xxx

default-router 10.254.xxx.xxx

!

ip inspect name ethernetin cuseeme timeout 3600

ip inspect name ethernetin ftp timeout 3600

ip inspect name ethernetin h323 timeout 3600

ip inspect name ethernetin http timeout 3600

ip inspect name ethernetin rcmd timeout 3600

ip inspect name ethernetin realaudio timeout 3600

ip inspect name ethernetin smtp timeout 3600

ip inspect name ethernetin sqlnet timeout 3600

ip inspect name ethernetin streamworks timeout 3600

ip inspect name ethernetin tcp timeout 3600

ip inspect name ethernetin tftp timeout 30

ip inspect name ethernetin udp timeout 15

ip inspect name ethernetin vdolive timeout 3600

ip audit notify log

ip audit po max-events 100

!

interface FastEthernet0/0

ip address 141.155.xxx.xxx 255.255.255.248

ip nat outside

shutdown

duplex auto

speed auto

!

interface Serial0/0

description Point-to-Point xxxxxx - 53.HCGL.xxxxxx

bandwidth 1544

ip address 141.155.xxx.xxx 255.255.255.252

ip nat outside

ip load-sharing per-packet

!

interface FastEthernet0/1

ip address 10.254.xxx.xxx 255.0.0.0

ip access-group 101 in

ip nat inside

ip inspect ethernetin in

duplex auto

speed auto

!

interface Serial0/1

description Point-to-Point xxxxxxx - 53.HCGL.xxxxxx

bandwidth 1544

ip address 141.155.xxx.xxx 255.255.255.252

ip nat outside

ip load-sharing per-packet

!

ip nat pool serialzero 141.155.xxx.xxx 141.155.xxx.xxx netmask 255.255.255.224

ip nat inside source list 1 pool serialzero overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route 0.0.0.0 0.0.0.0 Serial0/1

no ip http server

!

access-list 1 permit 10.0.xxx.xxx 0.255.255.255

access-list 11 permit 10.0.xxx.xxx 0.255.255.255

snmp-server community xxxxxxx RO 10

snmp-server enable traps tty

!

line con 0

password xxxxxxxxx

line aux 0

line vty 0 4

access-class 11 in

password xxxxxxxxxx

!

end

vrz-gw#

Thank's a lot,

bye

Richard Burts · ‎09-15-2005

Francisco

There are some things that we do not know that would make it easier to answer your question. First the way that you obscure the IP addresses being used makes it difficult to determine is there is the possibility of a routing issue. Second you do not describe how you are measuring to determine the effect of using both links and what kind of traffic is affected.

But I will make a guess about the problem based on what is in the configuration. I think that your issue is that you specify per packet load balancing. When you do per packet load balancing you introduce the possibility of out of order packets. Some applications are very negatively impacted by out of order packets. They may require executing error recovery logic every time that they see an error/out of order packet, and they may require retransmission of the "bad" packet (and sometimes retransmission of other packets as well).

I suggest that you remove the per packet load balancing, make your measurements again, and let us know if that makes it run better.

HTH

Rick

HTH

Rick

comechivos · ‎09-15-2005

mmm, nop, it is not the "per packet load balancing" because I configured that after that problem happened.

and I'm determine the conection speed with this tool:

http://infospeed.verizon.net

if you need more information to solve this problem, please, ask to me...

Thanks a lot

Francisco

stackhbj1 · ‎09-15-2005

Try ip cef load-sharing universal

kennylls · ‎09-15-2005

Well, I haven't used load balance with Cisco router before, but I think you wish to have your two T1 shown as 1 when connecting to outside.

From the article below, load balance at L3 can either be per packet or per dest. But none of them serve your purpose(if my guess is correct).

Read the article and perhaps the multilinkPPP can meet your expectation.

http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091d4b.shtml

Correct me if my comment is not right.

comechivos · ‎09-20-2005

mmm, nop, that didn't worked, I already tried cef with load sharing per packet and per destination.

today I tried the multilink ppp but didn't work either...

PLEASE HELP ME!!!! this router is driving me crazy!!!

Thank you very much!

cwangskr · ‎09-20-2005

Here is a config from one of our routers and this is a working config for multilink PPP

version 12.3

service timestamps debug uptime

service timestamps log datetime localtime

service password-encryption

!

hostname xxxx

!

boot-start-marker

boot-end-marker

!

clock timezone CST -6

clock summer-time CDT recurring

aaa new-model

!

aaa authentication login console line

aaa authentication login vty group tacacs+ line

aaa authorization commands 1 vty group tacacs+ none

aaa authorization commands 15 vty group tacacs+ none

aaa accounting exec vty start-stop group tacacs+

aaa accounting commands 1 vty start-stop group tacacs+

aaa accounting commands 15 vty start-stop group tacacs+

aaa accounting connection vty start-stop group tacacs+

aaa accounting connection console start-stop group tacacs+

aaa session-id common

ip subnet-zero

!

ip multicast-routing

multilink virtual-template 1

!

interface FastEthernet0/0

ip address 143.115.27.1 255.255.255.0

ip pim sparse-dense-mode

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface Serial0/0

no ip address

encapsulation ppp

pulse-time 3

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

ppp multilink

!

interface Serial0/1

no ip address

encapsulation ppp

pulse-time 3

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

ppp multilink

!

interface Virtual-Template1

ip address 10.0.27.2 255.255.255.252

ip pim sparse-dense-mode

cdp enable

ppp authentication chap

ppp multilink

!

router ospf 100

log-adjacency-changes

network 10.0.27.0 0.0.0.3 area 0

network 143.115.27.0 0.0.0.255 area 27

!

no ip http server

ip classless

!

ip pim bidir-enable

ip pim accept-rp auto-rp

!

logging trap debugging

!

line con 0

exec-timeout 0 0

password 7 xx

login authentication console

line aux 0

exec-timeout 0 0

password 7 xxx

line vty 0 4

exec-timeout 0 0

password 7 xxxx

login authentication vty

!

end

comechivos · ‎09-21-2005

mmm, I see..... But there tou have only one internet connection.. and, What is the ppp encapsulation??

Richard Burts · ‎09-21-2005

PPP encapsulation is an essential part of multilink. The support for multilink is dependent on all the links using PPP encapsulation so that it can effective bind the group of physical interfaces into one logical interface.

Without PPP encapsulation multilink will not work.

HTH

Rick

HTH

Rick

comechivos · ‎09-21-2005

I see... How do I configure that? and is not going to make a conflict with my ISP interfaces? because I don't think that they have PPP encapsulation to....

THANKS!

cwangskr · ‎09-22-2005

PPP Enacpsulation only works with Cisco routers, so ISP side also needs a Cisco router to get this working. Only other option you have (static route with 2 T1's) may be get 2 frame relay circuits nad do the following.

1. Build the Multi-link frame-relay interface to contain the following:

interface MFR0

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type ansi

4. Build a Sub interface to contain the following:

interface MFR0.1 point-to-point

ip address XXX.XXX.XXX.XXX 255.255.255.252

frame-relay interface-dlci YYY

XXX.XXX.XXX.XXX = WAN ADDRESS

YYY = DLCI

5. Ensure the Serial Interface contains the following information:

interface Serial1/0:0

service-module t1 time-slot 1-24 speed 64

service-module t1 framing esf

service-module linecode b8zs

no ip address

encapsulation frame-relay MFR0

no arp frame-relay

6. Ensure the Serial Interface contains the following information:

interface Serial2/0:0

service-module t1 time-slot 1-24 speed 64

service-module t1 framing esf

service-module linecode b8zs

no ip address

encapsulation frame-relay MFR0

no arp frame-relay

7. Assign a default route statement as below:

ip classless

ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX

Richard Burts · ‎09-22-2005

It is absolutely not true that PPP works only with Cisco routers. PPP is standards based and works with just about every vendor's equipment.

I think you have inverted your understanding of HDLC and PPP. Cisco's implementation of HDLC is proprietary and may or may not work with other vendor's equipment but PPP is standards based.

Your suggestion of Frame Relay Multilink is interesting but I feel perhaps more complicated than the implementation of PPP multilink which you preveiously discussed. It would be a very significant amount of change. And it would certainly require the ISP to make significant changes on their end. I believe that the suggestion that you made about implementing PPP multilink is simpler and easier to achieve.

HTH

Rick

HTH

Rick

comechivos · ‎09-22-2005

mm, I think u're righ rburts.

But ppp encapsulation, it will work if the ISP end has HDLC encapsulation?

Thats My problem, because if something goes wrong I'm not going to able to connect the router anymore because I use it by remote.

Thank you very much, an forgive my English. I'm Argentinian. I can't talk to much english

sorry...

THANKS!