Lost

jlcarey1usa
Level 1

Strange situation. Have a company with two physical sites connected via a point-to-point T1. On each end of the T1 are old Cisco 1602R routers. The problem is actually with Exchange servers failing to talk to each other properly. Site A is main office and Site B is branch office. Each site contains 1 Exchange server and the sites are supposed to talk over this p-t-p connection. I cannot use telnet to connect from site A to site B over port 25. I can however, connect from site B to site A over port 25.

Essentially, the communication between these Exchange servers is failing because messages cannot go from site A to site B, but can go from site B to site A.

The interesting thing is that I can use telnet from site A to site B using a different port, say 691 which is also used with Exchange and it works fine.

I can telnet into site B router and establish a telnet session to the Exchange server in site B.

The problem is router A. For some reason, it will not allow requests over port 25 to go through.

Any clue???


Hi There

As Rick pointed out in an earlier mail, as you have two possible paths for traffic to get from NY to GA (or vice versa), the primary route, the P2P route and the backup route, the VPN, so you have 2 default gateways. When your P2P link is functioning correctly, traffic will choose the default gateway associated with this link as the Administrative Distance of this default gateway is 1.

When the P2P link goes down this default route will no longer be considered valid and as there is a second default route with the Administrative Distance of 2 configured for this traffic over the VPN, traffic will be passed via this route across the VPN to the other office.

This configuration is called "Floating static route" and is a means of configuring redundancy into your routing table. This would be considered "Best Practice" IMHO as it is far better to have an alternative route for your traffic than for the traffic just to be dropped and your office's productivity come to a halt.

I think your main problem stems from the fact that your P2P link does not appear to be stable at present and if it is flapping, then every time this link is up your traffic will route across it (Higher AD on Def Route) and every time it fails your traffic then switches and goes across the VPN.

Best Regards,

Michael

I understand all of that about floating static routes. Makes perfect sense. What I meant was that the subnet has two physical gateways. Picture a typical network diagram with a horizontal subnet drawn across the paper. On one end is the p-t-p link with the 110.1 address and the other end is the 110.6 address which is the vpn and Internet gateway. Shouldn't there be one physical gateway that is attached to a router and have that router attached to the Internet, subnet, and p-t-p link? Or doesn't it matter? What can I do to test the routers for lousy connectivity?

NY_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is v1.10,

Image checksum is 0x461796D6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is internal,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 2d23h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

4573 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins

4573 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (217 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

12 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

12 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

GA_router>en

Password:

GA_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is 1.07,

Image checksum is 0x8510A6B6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is internal,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 2d23h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

4391 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

4391 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (129 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

7 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

7 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

James

While it may be a bit more common to have a single gateway router for the subnet, it is not a problem to have 2 gateway routers. Some people I know choose to do it this way to provide greater redundancy - if the router with the point to point were to fail the subnet still has a way to get out. If there were a single gateway router then there is a single point of failure.

I will note that if there are going to be 2 gateway routers that it is common to run HSRP between the gateway routers so that the end station default gateway works to either gateway. In the way that it is configured now, if there is a failure of the point to point router in GA (failure of the router rather than failure of the ptp link) then I believe that the GA subnet would have no effective gateway.

Relative to your other post: the show service-module shows that things are not as bad as they were. But there are still significant problems. In particular both routers have a significant number of slip seconds and of Error seconds (which would be the slip seconds). I note that the ISP now has both routers set to clock internal. In my experience usually only one router is set to clock source internal and the other is left with clock source line. I am not sure that is the cause of the problem, but I would suggest to the ISP that they try it with only one router set to clock source internal.

HTH

Rick

I looked back on my previous posts and discovered that prior to any change by the ISP, both routers were set to clock source line. Now they are both set to clock source internal. So, by doing that, they have allowed the connection to work intermittently? Maybe these guys don't know what they are doing...

What is the real difference between internal and line?

James

In my experience the most common situation is for both routers on a leased line point to point circuit to be configured for clock source line in which the routers look for timing signals generated by the provider on the circuit. They use this to control and to synchronize their signaling. In some cases the provider does not provide clock on the circuit and one of the routers is configured for clock source internal in which case the router uses an internal oscillator to generate the clocking signal.

While I can not say for sure that having both set for clock source internal is causing the problem at this point, I would surely suggest to the ISP that you would like to see what happens if only one is set for clock source internal.

HTH

Rick

Can I issue the commands on the router myself? What would they be?

I can log on to both routers.

James

As long as you have access to enable mode then you certainly can enter the command yourself. The command is quite simple:

interface Serial1

service-module t1 clock source line

Note that this sets the clock source to its default value and probably it will not show up when you do show run. You can verify the setting in the output of the show service-module. Also note that I do not have much experience with 1602 routers and assume the syntax is similar to other routers. If you get a syntax error you should be able to use the question mark help to figure out the particular syntax.

HTH

Rick

I don't think that changes much:

GA_router>en

Password:

GA_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is 1.07,

Image checksum is 0x8510A6B6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is internal,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 3d02h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

4381 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

4381 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (714 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

28 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

28 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

NY_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is v1.10,

Image checksum is 0x461796D6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is line,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 3d02h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

4560 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins

4560 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (36 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

What would you suggest?

James

Without knowing when you made the change and how much of the error statistics was before the change and how much after the change (given that the statistics accumulate over a 24 hour interval), it is hard to assess the impact of the change. The error count in GA (clock source still internal) for the current interval is showing about the same frequency of error. The count for NY (now is clock source line) for the current interval is hard to interpret since it only measures 36 seconds. If you give it a little while longer and the error statistics stay about the same then we can conclude that clock source is not the major factor in the problem. At that point I would go back to the ISP and say that you continue to get these many errors and that performance is suffering, and ask what they can do.

HTH

Rick
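
The comparison described in the reply above (current-interval slip rate against the 24-hour total) can be scripted. This is an added example, not part of the original thread; the sample text is excerpted from the outputs posted above, and the 300-second minimum and the 50% threshold are assumptions chosen for illustration.

```python
import re

# Excerpts of the `show service-module serial 1` outputs posted in the thread.
GA_OUTPUT = """\
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4381 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
4381 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (714 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
28 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
28 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
"""
NY_OUTPUT = """\
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4560 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins
4560 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (36 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
"""

MIN_ELAPSED = 300      # assumption: shorter current intervals prove nothing
SAME_RATE_RATIO = 0.5  # assumption: >= half the baseline counts as "unchanged"

def _slips(section):
    return int(re.search(r"(\d+) Slip Secs", section).group(1))

def parse_service_module(text):
    """Extract clock source plus slip counts for the 24 h total and current interval."""
    clock = re.search(r"Current clock source is (\w+)", text).group(1)
    total = re.search(r"Total Data \(last (\d+) 15 minute intervals\)", text)
    cur = re.search(r"Data in current interval \((\d+) seconds elapsed\)", text)
    return {
        "clock": clock,
        "total_seconds": int(total.group(1)) * 15 * 60,
        "total_slips": _slips(text[total.end():cur.start()]),
        "cur_seconds": int(cur.group(1)),
        "cur_slips": _slips(text[cur.end():]),
    }

def assess(text):
    """Return (clock source, baseline slip % of seconds, verdict on current interval)."""
    d = parse_service_module(text)
    baseline = d["total_slips"] / d["total_seconds"]
    if d["cur_seconds"] < MIN_ELAPSED:
        verdict = "inconclusive"   # e.g. NY's 36-second sample
    elif d["cur_slips"] / d["cur_seconds"] >= SAME_RATE_RATIO * baseline:
        verdict = "unchanged"
    else:
        verdict = "improved"
    return d["clock"], round(baseline * 100, 2), verdict

if __name__ == "__main__":
    for name, out in (("GA", GA_OUTPUT), ("NY", NY_OUTPUT)):
        print(name, assess(out))
```
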

This is the latest output from this morning:

NY_router>en

Password:

NY_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is v1.10,

Image checksum is 0x461796D6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is line,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 3d17h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

1831 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins

1831 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (67 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

GA_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is 1.07,

Image checksum is 0x8510A6B6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is internal,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 3d16h

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

1784 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

1784 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Data in current interval (898 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

James

At this point you have a better configuration for clock source and it does not seem to make much difference. I would go back to the ISP and say that you continue to get these many errors and that performance is suffering, and ask what they can do.

HTH

Rick

Rick,

Since you were so helpful before, I would like to get your input on a few things. I finally convinced the powers-that-be here that we need to reconfigure the network. So, we will be implementing a different, but simpler, network topology. When I do a sh ip route command on the NY router, I get this:

User Access Verification

Password:

NY_router>en

Password:

NY_router#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 192.168.110.6 to network 0.0.0.0

S 192.168.120.0/24 [1/0] via 10.1.2.2

C 192.168.110.0/24 is directly connected, Ethernet0

10.0.0.0/24 is subnetted, 1 subnets

C 10.1.2.0 is directly connected, Serial1

S* 0.0.0.0/0 [1/0] via 192.168.110.6

NY_router#

Doesn't the S* at the bottom mean that every request goes back to 110.6 because it is the candidate default?

I assume the GA router has the same statement except it would be 0.0.0.0/0 [1/0] via 192.168.120.2

What we are planning on doing is to eliminate the two physical gateways on the subnet. We will have the Internet coming into the WAN port on the Sonicwall firewall. Then have the LAN port on the Sonicwall directly connected to the E/0 port on a 2611. E/1 will be the actual LAN subnets and the DSU/CSU WIC will be the point-to-point connection between the two offices. This will give us the 1 gateway per subnet and allow us to use the p-t-p as it should be set up.

Everything correct so far?

The subnets will use 110.0 for NY and 120.0 for GA. My question is this. Since we only have a simple network, I guess putting in Static routes is the way to go, instead of configuring OSPF or any other form of dynamic routing because it will never change once implemented.

What ip address scheme should I give the E/0 port which is connected to the Sonicwall? I was thinking something like 192.168.0.1/24. Is this correct?

James

In the statement S* 0.0.0.0/0 [1/0] via 192.168.110.6, the S* indicates that this is a static configured route (default route). What it means is that any packet for which there is not a more specific route will be sent through the default route. (this is subtly different from saying that every request goes back to 110.6 - especially anything for the GA office in 192.168.120.0 will go over the serial rather than going through 110.6)

I can certainly understand the desire to redesign the network and to simplify it. There are some trade-offs and I think you should be clear about them as you redesign the network. In the previous design with two routers at each site, if there was a problem with the Internet facing router there was an alternative that gave you connectivity to the other office and at least possibly an alternate route to the Internet through the second router. With a single router at each site you give up some of this redundancy.

Certainly static routes have less overhead than a dynamic routing protocol. Static routes are especially appropriate for networks that are very stable and most especially for networks in which there is only a single way to get to most destinations. If GA is going to use the serial primarily as a way to get to the NY network but also to use the serial as a backup way to get to the Internet if the primary path through the firewall should have a problem you might think whether a dynamic routing protocol could react to failures better than a static route will.

In issues like this I believe that frequently there is not a clear answer about what is best. You need to consider the advantages of several approaches and decide which fits best in that particular situation.

As for the subnet addressing to use between the router and the firewall I believe that 192.168.0.0 is a fine network to use. If it really has only 2 devices on it (router and firewall) you could use a mask much smaller than /24. But since you are using a /24 on the point to point serial I guess for consistency go ahead with a /24 between router and firewall.

HTH

Rick
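
The route selection explained in the reply above (the most specific matching route wins, and the default is used only when nothing else matches) together with the floating static behaviour described earlier in the thread, as an added example that is not part of the original thread. The NY routes are taken from the `sh ip route` output above; the backup route with administrative distance 2 is a constructed illustration, not a route shown in that output.

```python
import ipaddress

# NY_router routes from the `sh ip route` output: (prefix, admin distance, next hop)
NY_ROUTES = [
    ("192.168.120.0/24", 1, "10.1.2.2"),       # S  static to GA over the serial link
    ("192.168.110.0/24", 0, "Ethernet0"),      # C  connected
    ("10.1.2.0/24",      0, "Serial1"),        # C  connected
    ("0.0.0.0/0",        1, "192.168.110.6"),  # S* default route
]

# Constructed for illustration: a floating static for the GA subnet (AD 2)
# pointing at the VPN/Internet gateway.
FLOATING_BACKUP = ("192.168.120.0/24", 2, "192.168.110.6")

def install(candidates, down=()):
    """Build the active table: for each prefix keep the usable route with the
    lowest administrative distance. Next hops listed in `down` are unusable."""
    best = {}
    for prefix, ad, hop in candidates:
        if hop in down:
            continue
        net = ipaddress.ip_network(prefix)
        if net not in best or ad < best[net][0]:
            best[net] = (ad, hop)
    return best

def lookup(table, dst):
    """Longest-prefix match: return (matched prefix, next hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    return str(net), table[net][1]

if __name__ == "__main__":
    table = install(NY_ROUTES)
    print(lookup(table, "192.168.120.10"))  # GA host: specific static, not the default
    print(lookup(table, "198.51.100.7"))    # anything else: default via 192.168.110.6

    # Serial next hop down: the AD 2 route takes over for the same prefix.
    failover = install(NY_ROUTES + [FLOATING_BACKUP], down={"10.1.2.2"})
    print(lookup(failover, "192.168.120.10"))
```
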

Thanks. I understand the redundancy issue, but in this case I am willing to give that up. It's a very strange situation in which the two gateways are not functioning correctly, and we are forced to use the gateways that reach the Sonicwalls first.

Also, am I correct in saying that we can simply copy and paste the current configuration into the new routers and then just manually add the route and ip info for the new interface? Or will we need to do some other reconfigurations?

If I write in for the E/0 interface: ip address 192.168.0.1 255.255.255.0, no shut

and then add in a static route for that interface.

Change the ip address in the LAN interface of the sonicwall to 192.168.0.2

This should work?
