Solved: Thanks Peter. Sorry I couldn

NInja Black · ‎08-14-2014

Hi,

I recently installed a EHWIC card on the Cisco 3925 router. After that I saw in my network monitoring tool that the interfaces Backplane, NVI, Null0 have started showing bandwidth utilisation. I understand the bandwidth util in the 'Backplane-GigabitEthernet0/3-Ba0/3' is because of the EHWIC card but whYis there traffic showing now in NVI and Null0 interfaces?

Peter Paluch · ‎08-16-2014

Hi,

Thank you for the config.

You are using the NVI style of NAT - you have your interfaces configured with ip nat enable instead of inside/outside, and you are using the ip nat source command to activate the address translation. This style of NAT configuration may result in packets being internally forwarded over the virtual NVI0 interface to allow IOS to do its NATting work. Therefore, I would say that seeing packets being forwarded by NVI0 interface is normal and is the result of the way you have your NAT configured.

Regarding the Null0 interface, it is generally difficult to say why packets are being forwarded over this interface - and discarded as a result. You may want to see the show ip cef and show ip cef null0 command outputs to see what routing entries point toward this interface and see if they match any traffic that could possibly be generated by stations attached to your router.

As I indicated earlier, finding out what traffic is forwarded over NVI0 and Null0 can be a nice detective work, but as long as you do not perceive any connectivity or throughput issues, I recommend viewing it just as a curiosity.

Best regards,
Peter

View solution in original post

Peter Paluch · ‎08-14-2014

Hi,

To be honest, I haven't done this kind of monitoring on routers because the NVI and Null0 interfaces are virtual interfaces whose load I never considered to be relevant. Nonetheless, we could perhaps try to at least guess what is going on but for that, we would need to see your running-config. Is it possible for you to post it after removing sensitive information?

Thanks!

Best regards,
Peter

NInja Black · ‎08-15-2014

Thanks for your response peter.

Any insight would be great.

Below is the output.

Cisco3925# sh run
Building configuration...

Current configuration : 9353 bytes
!
!
######### OUTPUT OMITTED #########
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco3925
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
enable XXX XXXX XXXXXX
!
no aaa new-model
clock timezone EST -5 0
!
!
!
!
!
!
!
ip domain name XXXXXXXX
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip name-server 4.2.2.1
ip name-server 4.2.2.2
ip cef
login block-for 60 attempts 5 within 30
login on-failure log
login on-success log
ipv6 unicast-routing
ipv6 spd queue min-threshold 62
ipv6 spd queue max-threshold 63
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2051591686
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2051591686
revocation-check none
rsakeypair TP-self-signed-2051591686
!
!
crypto pki certificate chain TP-self-signed-2051591686
certificate self-signed 01

######### OUTPUT OMITTED #########

C40DCAFB 59866F25 06A6AC32 13F85A
quit
license udi pid C3900-SPE100/K9 sn FOC17364MQB
!
!
archive
log config
logging enable
notify syslog contenttype plaintext

######### OUTPUT OMITTED #########

redundancy
!
!
!
class-map match-any CAsip
match protocol sip
match protocol rtcp
match protocol rtp
match protocol rtsp
!
policy-map CAqos
class CAsip
priority percent 65
set dscp ef
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ENS_Link
ip address 10.XX.XX.XX 255.255.255.0
ip access-group 120 in
ip virtual-reassembly in
duplex full
speed 100
ipv6 enable
!
interface GigabitEthernet0/1
description ISP1
ip address 50.XX.XX.XX 255.255.255.252
ip access-group 199 in
no ip redirects
ip nat enable
ip virtual-reassembly in
duplex full
speed 100
ipv6 enable
hold-queue 1500 in
!
interface GigabitEthernet0/2
description ISP2
ip address 10.XX.XX.XX 255.255.255.0
ip access-group 199 in
no ip redirects
ip virtual-reassembly in
duplex auto
speed auto
ipv6 enable
!
interface GigabitEthernet0/0/0
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/0/1
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/0/2
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/0/3
switchport access vlan 10
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
description XXX
ip address 10.XX.XX.XX 255.255.255.248
ip access-group 120 in
no ip redirects
ip nat enable
ip virtual-reassembly in
service-policy output CAqos
!
!
router eigrp 101
network 10.XX.XX.XX 0.0.0.255

######### OUTPUT OMITTED #########

redistribute connected
redistribute static
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat source list 10 interface GigabitEthernet0/1 overload
i######### OUTPUT OMITTED #########
ip route 0.0.0.0 0.0.0.0 50.XX.XX.XX
######### OUTPUT OMITTED #########!
!
logging host 10.XX.XX.XX
!
!
snmp-server community XX RW
snmp-server chassis-id Cisco3925-XX
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server host 10.XX.XX.XX version 2c XX
access-list 10 permit 10.XX.XX.XX 0.0.0.7
######### OUTPUT OMITTED #########
access-list 120 permit ip any any
access-list 199 deny tcp any any eq telnet
access-list 199 permit ip any any
access-list 199 permit icmp any any
!
control-plane
!
!
banner exec ^CCC
######### OUTPUT OMITTED #########^C
!
line con 0
exec-timeout 5 30
privilege level 15
password 7 XXXX
login local
line aux 0
privilege level 15
password 7 XXXX
login local
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
timeout login response 300
privilege level 15
password 7 XXXX
login local
transport input telnet ssh
line vty 5 15
timeout login response 300
privilege level 15
password 7 XXXX
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master 3
ntp peer 10.XX.XX.XX
ntp peer 10.XX.XX.XX
ntp peer 10.XX.XX.XX
!
end

Cisco3925#
Cisco3925#
Cisco3925#
Cisco3925#

Peter Paluch · ‎08-16-2014

Hi,

Thank you for the config.

You are using the NVI style of NAT - you have your interfaces configured with ip nat enable instead of inside/outside, and you are using the ip nat source command to activate the address translation. This style of NAT configuration may result in packets being internally forwarded over the virtual NVI0 interface to allow IOS to do its NATting work. Therefore, I would say that seeing packets being forwarded by NVI0 interface is normal and is the result of the way you have your NAT configured.

Regarding the Null0 interface, it is generally difficult to say why packets are being forwarded over this interface - and discarded as a result. You may want to see the show ip cef and show ip cef null0 command outputs to see what routing entries point toward this interface and see if they match any traffic that could possibly be generated by stations attached to your router.

As I indicated earlier, finding out what traffic is forwarded over NVI0 and Null0 can be a nice detective work, but as long as you do not perceive any connectivity or throughput issues, I recommend viewing it just as a curiosity.

Best regards,
Peter

NInja Black · ‎08-22-2014

Thanks Peter.

Sorry I couldn't get back to you earlier.

I do not see any output for sh ip cef null0.

But I am not going to worry about it as its not causing any issues. Just wanted to get some info on it and your reply helped.

Thanks!!!