Slow 2801 performance

maloyal · ‎12-10-2015

hello, a while back we upgraded our cable isp to 50/10Mb setup at one of our remote offices. Since then our performance thru the Cisco 2801 has been pretty abysmal. Sometimes we can get 40 down but never more than 1Mb up. Sometimes, the download will slow to 9Mb down. The 2801 i believe has 4 pots line with cisco VoIP phones connected back to a call manager at our HQ over VPN tunnel. This was all setup by a consultant.

The specs on the router are:

mobile-2801#show version
Cisco IOS Software, 2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(8d), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Jul-07 19:34 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

mobile-2801 uptime is 24 weeks, 2 days, 23 hours, 38 minutes
System returned to ROM by power-on
System image file is "flash:c2801-advipservicesk9-mz.124-8d.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2801 (revision 7.0) with 117760K/13312K bytes of memory.
Processor board ID FTX1223Y194
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
4 Voice FXO interfaces
1 DSP, 4 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Here is the current config:

!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname mobile-2801
!
boot-start-marker
boot system flash flash:c2801-advipservicesk9-mz.124-8d.bin
boot-end-marker
!
logging buffered 32000 debugging
logging rate-limit all 20
no logging console
enable secret 5
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.152.0 172.16.152.19
ip dhcp excluded-address 172.16.152.128 172.16.152.147
!
ip dhcp pool PCs
network 172.16.152.0 255.255.255.128
default-router 172.16.152.1
dns-server 172.16.10.12 172.16.10.13
!
ip dhcp pool Phones
network 172.16.152.128 255.255.255.128
option 150 ip 172.16.20.6 172.16.20.5
default-router 172.16.152.129
!
!
ip ftp source-interface FastEthernet0/0.1
no ip domain lookup
ip domain name corp.mavtech.cc
ip ssh version 2
ip inspect name FW ftp
ip inspect name FW dns
ip inspect name FW echo
ip inspect name FW http
ip inspect name FW https
ip inspect name FW udp
ip inspect name FW tcp
!
!
voice-card 0
codec complexity high
dsp services dspfarm
!
!
!
!
voice class codec 1
codec preference 1 g729r8
codec preference 2 g711ulaw
!
!
!
voice class h323 1
h225 timeout setup 3
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4036371636
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4036371636
revocation-check none
rsakeypair TP-self-signed-4036371636
!
!
crypto pki certificate chain TP-self-signed-4036371636
certificate self-signed 01
!
application
global
service alternate default
!
!
username aosadmin privilege 15 secret 5
username admin privilege 15 secret 5
archive
log config
logging enable
hidekeys
path flash:/archive
maximum 3
write-memory
!
!
class-map match-any net-control
match ip dscp cs6
match access-group name ike
class-map match-any rtp
match protocol rtp audio
class-map match-any signaling
match ip dscp cs3
match protocol skinny
!
!
policy-map VPN-out
class rtp
priority 220
class signaling
bandwidth 16
class net-control
bandwidth 64
class class-default
set ip dscp default
fair-queue
queue-limit 16
policy-map 1Mbps-CM
class class-default
shape average 950000 9500 0
service-policy VPN-out
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key \ address
!
!
crypto ipsec transform-set mobile-al esp-3des esp-sha-hmac
!
crypto map cmap-1 local-address FastEthernet0/1
crypto map cmap-1 1 ipsec-isakmp
set peer
set transform-set mobile-al
set pfs group2
match address 102
qos pre-classify
!
!
!
!
interface Loopback0
description Loopback for PSTN MOH and SRST
ip address 172.17.152.1 255.255.255.255
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
ip access-group acl-outside in
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/0.1
description Mobile, AL - Data Vlan
encapsulation dot1Q 1 native
ip address 172.16.152.1 255.255.255.128
ip nat inside
ip inspect FW in
no ip virtual-reassembly
ip tcp adjust-mss 1360
!
interface FastEthernet0/0.2
description Mobile, AL - Voice Vlan
encapsulation dot1Q 2
ip address 172.16.152.129 255.255.255.128
ip inspect FW in
ip tcp adjust-mss 1360
h323-gateway voip interface
h323-gateway voip bind srcaddr 172.16.152.129
!
interface FastEthernet0/1
ip address * 255.255.255.248
ip access-group acl-outside in
ip nat outside
no ip virtual-reassembly
load-interval 30
duplex auto
speed auto
crypto map cmap-1
service-policy output 1Mbps-CM
!
ip route 0.0.0.0 0.0.0.0 *
!
!
no ip http server
ip http secure-server
ip nat pool mobile-al * * prefix-length 24
ip nat inside source list 100 pool mobile-al overload
!
ip access-list extended acl-outside
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit ahp any any
permit tcp host * any eq 22
permit tcp host * any eq 22
deny tcp any host * eq 22
deny ip any any
ip access-list extended ike
permit udp any eq isakmp any eq isakmp
!
access-list 1 deny any
access-list 2 permit *
access-list 2 permit *****
access-list 100 remark nonat-acl
access-list 100 deny ip 172.16.152.0 0.0.0.255 172.16.0.0 0.12.255.255
access-list 100 deny ip host 172.17.152.1 172.16.0.0 0.12.255.255
access-list 100 permit ip any any
access-list 101 remark crypto acl
access-list 101 permit ip 172.16.152.0 0.0.0.127 any
access-list 101 remark keep voice on separate SA for QoS
access-list 101 permit ip 172.16.152.128 0.0.0.127 any
access-list 101 permit ip host 172.17.152.1 any
access-list 102 remark crypto acl
access-list 102 permit ip 172.16.152.0 0.0.0.127 172.16.0.0 0.0.255.255
access-list 102 permit ip 172.16.152.128 0.0.0.127 172.16.0.0 0.0.255.255
access-list 102 permit ip host 172.17.152.1 172.16.0.0 0.0.255.255
access-list 150 deny tcp 172.16.20.0 0.0.0.255 any
access-list 150 deny tcp any 172.16.20.0 0.0.0.255
access-list 150 permit ip any any
snmp-server community Mobile RO
snmp-server location Server Room
snmp-server contact sysadmin@mavtechglobal.com
!
!
!
!
control-plane
!
!
!
voice-port 0/0/0
input gain 10
connection plar opx 1030
description 251-479-4005
caller-id enable
!
voice-port 0/0/1
input gain 6
connection plar opx 1030
description 251-479-2009
caller-id enable
!
voice-port 0/0/2
input gain 6
connection plar opx 1030
description 251-479-4033
caller-id enable
!
voice-port 0/0/3
!
ccm-manager music-on-hold
!
!
!
!
dial-peer voice 1 voip
preference 1
destination-pattern 1030
voice-class codec 1
voice-class h323 1
session target ipv4:172.16.20.6
dtmf-relay h245-alphanumeric
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 2 voip
preference 2
destination-pattern 1030
voice-class codec 1
voice-class h323 1
session target ipv4:172.16.20.5
dtmf-relay h245-alphanumeric
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 10 pots
destination-pattern 911
port 0/0/0
forward-digits 3
!
dial-peer voice 11 pots
destination-pattern 911
port 0/0/1
forward-digits 3
!
dial-peer voice 12 pots
destination-pattern 911
port 0/0/2
forward-digits 3
!
dial-peer voice 20 pots
destination-pattern 9911
port 0/0/0
forward-digits 3
!
dial-peer voice 21 pots
destination-pattern 9911
port 0/0/1
forward-digits 3
!
dial-peer voice 22 pots
destination-pattern 9911
port 0/0/2
forward-digits 3
!
dial-peer voice 30 pots
destination-pattern 9T
port 0/0/0
!
dial-peer voice 31 pots
destination-pattern 9T
port 0/0/1
!
dial-peer voice 32 pots
destination-pattern 9T
port 0/0/2
!
!
!
call-manager-fallback
max-conferences 4 gain -6
transfer-system full-consult
ip source-address 172.17.152.1 port 2000
max-ephones 10
max-dn 10 dual-line preference 2
transfer-pattern .T
no huntstop
alias 1 1030 to 1032
call-forward pattern .T
moh moh.wav
multicast moh 239.1.1.1 port 16388 route 172.16.152.1 172.17.152.1
time-zone 8
!
!
line con 0
exec-timeout 45 0
line aux 0
line vty 0 4
password 7 11041813161606050A
login
transport input telnet
line vty 5 6
access-class 2 in
password 7 10750439333716065D0A16282D3B303A1F
login local
transport input ssh
line vty 7 15
access-class 1 in
password 7 10750439333716065D0A16282D3B303A1F
login
!
scheduler allocate 20000 1000
ntp clock-period 17177794
ntp server 172.16.10.12
end

I tried disabling the virtual reassembly (per a search) but no gain on the upload side. Are we at the limits on this device?

Thanks for reading

Richard Bradfield · ‎12-10-2015

looks like you are shaping to 1Mbps not 10Mbps

policy-map 1Mbps-CM
class class-default
shape average 950000 9500 0 < see here should be 9500000 95000 0 for 10Mbps
service-policy VPN-out
!

maloyal · ‎12-10-2015

Thank you sir! I made the change and got bout 6Mb down. Much better than the 868kb.

maloyal · ‎01-27-2016

Hi, i made this change and while my speed is decent, my phones randomly goto fast busy when folks try to call.

Here is that portion:

policy-map VPN-out
class rtp
priority 220
class signaling
bandwidth 16
class net-control
bandwidth 64
class class-default
set ip dscp default
fair-queue
queue-limit 16
policy-map 1Mbps-CM
class class-default
shape average 9500000 95000 0
service-policy VPN-out

can i change something here to fix this fast busy issue?

Joseph W. Doherty · ‎01-27-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Fast busy from transient congestion?

PS:

BTW, your queue-limit of 16, for FQ, at 10 Mbps, is likely much too shallow.

If so, you might try setting your shaper to 8500000.

maloyal · ‎01-27-2016

Unfortunately i'm only guessing as to the cause of the fast busy, but transient congestion could certainly be a cause after increasing the bandwidth.

I will adjust the shaper and give it a try.

So it should be: shape average 8500000 95000 0?

Sincere thanks!

Joseph W. Doherty · ‎01-27-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Assuming you want to maintain your Tc at 10ms, 2nd value should be 85000.

maloyal · ‎01-29-2016

Well crap...I made the changes and still the issue persists. I even rolled the router back to the original config and still phones will go into fast busy. It seems you can make the phones go into fast busy by calling the system 3 consecutive times.

At this point, station to station calling still works, but no sound is transmitted.

Trying to get a Cisco partner to look at this today.

Thanks for the help.

Joseph W. Doherty · ‎01-29-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

3 consecutive or concurrent VoIP calls?

Your LLQ class only allocates 220K, and if using g711, with overhead, you need about 100K per call.

What do your CBWFQ stats look like?

maloyal · ‎01-29-2016

It was actually 3 consecutive voice calls going out the local PSTN. Attempting to make another call the phone would have dial tone, accept the # then goto fast busy....like maybe there was no analog line to allow the outgoing call.

However, no one else is/was in office using a line....like the lines were not being released.

But what's even more odd is that a station to station call over the WAN (strictly voip and internal to the system) completes but no sound is heard on either end.

Cycling power to the switch restores functionality. Local resource also cycled power to cable modem and that also restored functionality. That would not have anything to do with the analog phone lines however.

Odd stuff.

maloyal · ‎02-01-2016

our call managers (6.1.2.1000-13) had been up for 500+ days so i rebooted them over the weekend.

These remote phones are still failing after 3 consecutive calls. Resetting the phone restores service. connectivity is fine between remote site and main site.

PHones are our main site connected to same call managers do not have any issues.

maloyal · ‎02-01-2016

Tech worked on the issue and did a packet capture on phone. ON the 4th & troublesome call he stated he did not see the expected messages from the Call Mgr to the phone.

WAN tunnel is not experiencing any issues.