06-15-2022 10:39 AM - edited 06-15-2022 10:42 AM
Hello team,
R2#ping 31.42.53.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 31.42.53.225, timeout is 2 seconds:
!!..!
Success rate is 60 percent (3/5), round-trip min/avg/max = 10/11/13 ms

SWTCH01#sho run int g1/0/4
Building configuration...
Current configuration : 124 bytes
!
interface GigabitEthernet1/0/4
 description wan1-1
 switchport access vlan 666
 srr-queue bandwidth limit 50
end

SWTCH01#sho run int g1/0/5
Building configuration...
Current configuration : 124 bytes
!
interface GigabitEthernet1/0/5
 description wan1-2
 switchport access vlan 666
 srr-queue bandwidth limit 50
end
-----
SWTCH02#sho run int g1/0/4
Building configuration...
Current configuration : 124 bytes
!
interface GigabitEthernet1/0/4
 description wan2-1
 switchport access vlan 666
 srr-queue bandwidth limit 50
end

SWTCH02#sho run int g1/0/5
Building configuration...
Current configuration : 124 bytes
!
interface GigabitEthernet1/0/5
 description wan2-2
 switchport access vlan 666
 srr-queue bandwidth limit 50
end
-----
class-map match-all CLAS-VLAN-666
 match access-group name POLICE-VLAN-666
policy-map POLICE-VLAN-666
 class CLAS-VLAN-666
  police cir 500000000 conform-action transmit exceed-action drop
interface GigabitEthernet3.666
 service-policy input POLICE-VLAN-666
ip access-list extended POLICE-VLAN-666
 10 permit ip any 20.63.44.0 0.0.0.255
 20 permit ip 20.63.44.0 0.0.0.255 any

Router WAN interface:

interface GigabitEthernet1
 description WAN2
 ip flow monitor 247MONITOR input
 ip flow monitor 247MONITOR output
 ip address 31.42.53.226 255.255.255.248
 ip access-group WAN_IN in
 speed 1000
 no negotiation auto
 no mop enabled
 no mop sysid
 service-policy input POLICE-VLAN-666
!
06-15-2022 10:43 AM
Drop is 60 meaning almost 2/3,
So check
Show ip route: do you see two equal paths to the destination you ping?
If yes then you may have asymmetric routing issue.
06-15-2022 10:58 AM
Hello there,
I didn't see any other equal path to the destination.
R2#Show ip route | include 31.42.53.225
Gateway of last resort is 31.42.53.225 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 31.42.53.225, 2d01h
06-15-2022 11:02 AM - edited 06-15-2022 01:07 PM
please see my below comment.
06-15-2022 10:57 AM
Any suggestion will be helpful in resolving the ping drop issue.
Is R2 the router connected to the ISP? (What router model, what IOS code is it running?)
Default the interface Gi1 config, configure only the IP address, do test pings and post the outcome before we can suggest something:
also post :
show interface GigabitEthernet1
06-15-2022 11:09 AM
Hello Balaji,
Yes R2 is the router connected to ISP.
Model: Cisco CSR1000v
Cisco IOS XE Software, Version 17.03.05
R2#sho run int G1
Building configuration...
Current configuration : 336 bytes
!
interface GigabitEthernet1
 description WAN2
 ip address 31.42.53.226 255.255.255.248
 ip access-group WAN_IN in
 speed 1000
 no negotiation auto
 no mop enabled
 no mop sysid
 service-policy input POLICE-VLAN-666
!

This is the interface that I am pinging from outside and that shows the drop.

Ping from another router:

#ping 31.42.53.226 repeat 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 31.42.53.226, timeout is 2 seconds:
!.!.!.!.!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!
!!!!!!!!!.!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!.!!!.!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!.!!!!!!!!!!!!!!.!!!!!!!!!!
!!!!!!!!!!
Success rate is 96 percent (481/500), round-trip min/avg/max = 2/5/24 ms
06-15-2022 11:12 AM
R2#sho int G1
The output requested above, to see how the interface is connected.
CSR1000v? This is virtual; how is this connected?
I see you are running BGP with the ISP for peering?
06-15-2022 11:20 AM
Hello Balaji,
Sorry here is the result:
R2#sho int g1
GigabitEthernet1 is up, line protocol is up
  Hardware is CSR vNIC, address is b2e9.ac2f.f77c (bia b2e9.ac2f.f77c)
  Description: WAN2
  Internet address is 31.42.53.226/29
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 117/255, rxload 93/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1000Mbps, link type is force-up, media type is Virtual
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/1678/688 (size/max/drops/flushes); Total output drops: 25433266
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 365959000 bits/sec, 54144 packets/sec
  5 minute output rate 459093000 bits/sec, 55448 packets/sec
     89449735991 packets input, 104017328718113 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     94095840349 packets output, 65381523742104 bytes, 0 underruns
     Output 0 broadcasts (0 IP multicasts)
     0 output errors, 0 collisions, 4 interface resets
     61 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Yes, we are running BGP with the ISP!
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
192.168.1.8     4   631   39561   39529     71   0    0 3w3d     13
31.42.53.225    4   175    2988    3285     71   0    0 2d01h    1
06-16-2022 12:05 AM
#ping 31.42.53.226 repeat 500
Are you pinging from outside to the CSR router? Or pinging inside the CSR router, this CSR router IP, right?
Input queue: 0/375/1678/688 (size/max/drops/flushes); Total output drops: 25433266
Is this a production network? Other than ping, do you have any other performance issues? (Sometimes ping is not the right tool to test, but it's a basic tool to check.) Due to new enhancements, the control plane is subject to some restrictions because of DDoS attacks.
If you get a quick chance to test, configure a laptop with the same IP address (used on the CSR1000v), connect the ISP link to the laptop and see the output to confirm where this is going wrong.
06-16-2022 07:53 AM
Hello Balaji,
Yes, it's a production network. I have marked the IP that I have issue with, pls find it below:
$ Ping test to (31.42.53.226) from:
Outside - Drop there!
inside (R2 and neighbor Router R1) - Drop there!
FYI - I have observed it happening when the traffic is High!
Also, thanks for the troubleshooting advice will check that!.
Question) Is there any chance that the virtual interface G1 has a problem handling high traffic?
Thanks.
06-16-2022 08:29 AM
I would also advise checking off-peak whether you get the same results, as you mentioned traffic.
The CSR1000v is license based; check what kind of license throughput you have. Also, if this is a VM, check whether the Gig interface connected in the vSwitch is shared, not dedicated.
What kind of throughput are you expecting this router to handle?
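An added example, not part of any post in this thread: the counters from the `show interface GigabitEthernet1` output posted above, turned into percentages so they can be compared with the 500 Mbps policer CIR from the posted policy-map and re-checked at peak and off-peak. The function names are hypothetical, and the sample text is an excerpt of the posted output.

```python
import re

# Excerpt of the "show interface GigabitEthernet1" output posted in this thread.
SHOW_INT = """\
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 117/255, rxload 93/255
Input queue: 0/375/1678/688 (size/max/drops/flushes); Total output drops: 25433266
5 minute input rate 365959000 bits/sec, 54144 packets/sec
5 minute output rate 459093000 bits/sec, 55448 packets/sec
94095840349 packets output, 65381523742104 bytes, 0 underruns
"""

POLICE_CIR_BPS = 500_000_000  # "police cir 500000000" in the posted policy-map

PATTERNS = {
    "bw_kbit": r"BW (\d+) Kbit/sec",
    "txload": r"txload (\d+)/255",
    "output_drops": r"Total output drops: (\d+)",
    "in_bps": r"5 minute input rate (\d+) bits/sec",
    "out_bps": r"5 minute output rate (\d+) bits/sec",
    "pkts_out": r"(\d+) packets output",
}

def parse_show_interface(text):
    """Extract the integer counters named in PATTERNS; fail loudly if one is missing."""
    counters = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found in output: {name}")
        counters[name] = int(match.group(1))
    return counters

def summarize(c, cir_bps=POLICE_CIR_BPS):
    """Turn raw counters into percentages that can be compared across samples."""
    return {
        # Drops since the counters were last cleared ("never" in the posted output).
        "output_drop_pct": 100 * c["output_drops"] / c["pkts_out"],
        "tx_util_pct": 100 * c["out_bps"] / (c["bw_kbit"] * 1000),
        "txload_pct": 100 * c["txload"] / 255,
        # Input is the direction the posted "service-policy input" policer acts on.
        "in_pct_of_cir": 100 * c["in_bps"] / cir_bps,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_show_interface(SHOW_INT)).items():
        print(f"{key:16s} {value:8.3f}")
```

The rates are 5-minute averages, so short bursts can exceed a limit well before the average reaches it; the drop counter is cumulative, so comparing two samples taken some minutes apart shows whether drops are still increasing.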
06-15-2022 01:45 PM
Hello,
--> ISP side IP(31.42.53.225) shows no ping drop but router end(31.42.53.226) IP shows, which is unusual. The ISP did not have any issue on their side.
31.42.53.225 is the address you are pinging, not really sure what you mean by 'no ping drop'. 31.42.53.225 is the ISP side, so you are having ping drops on the ISP side, right ? Either way, ISPs often throttle ICMP traffic. If there are no other issues (such as users actually experiencing problems), this is probably the reason.
06-16-2022 07:57 AM
Hello georg,
I have problem with Router IP on the ISP link. I have marked the IP that I have issue with, pls find it below:
$ Ping test to (31.42.53.226) from:
Outside - Drop there!
inside (R2 and neighbor Router R1) - Drop there!
Question) Is there any chance that the virtual interface G1 has a problem handling high traffic?
Thanks.
06-15-2022 01:48 PM
The CSR1000v makes me stop and think. I am analyzing the issue now; I need some time.
I must analyze the vNIC and the interface, and if I need other show/debug output I will send it to you.
06-16-2022 07:58 AM
Hello there,
I appreciate your time.
thanks.