Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

2610 and two T-1 lines

Posted on 2002-03-20
16
Medium Priority
?
348 Views
Last Modified: 2010-04-17
Hi,

We have a 2610 and two T-1's that are from the same service provider and we have recently ugraded them to full lines from the fractional lines we were using. Our line change also included setting the two T-1's up in a load balanced configuration.

After rolling this around in my head and watching the traffic I don't think we are truly using the lines correctly. Here's why: the router only has a 10-base Ethernet port.

Since the 2610 is connected to a Firebox2 (which has a 10/100 interface) at 10Mb, can we really make use of the two lines? Right now bottlenecks happen at the threshold of a single T-1. Or is this more of an configuration issue? I have checked our router config against a sample from or ISP and it seems to be OK. Is there anything I can do to check this? Our monthly reports show only very tiny inbound traffic on the second line. Under load balancing I would expect the two lines to be even despite the ethernet connection.

Right now I think we need to go with a router that has a 10/100 interface (2620?) in order to fix this. Any help is greatly appreciated.
0
Comment
Question by:Wifo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
  • +1
16 Comments
 
LVL 1

Expert Comment

by:mmedwid
ID: 6884249
Two T1s is a combined total of only 3Mbps.  10BT at 10Mbps is more than adequate to saturate two T1s.  There is no need for a 100Mbps connection for getting to the ISP from your internal network.

The load balanced aspect of the two T1s is another question altogether.  How have you attempted so far to load balance the T1s?
0
 
LVL 1

Expert Comment

by:mmedwid
ID: 6884271
Two T1s is a combined total of only 3Mbps.  10BT at 10Mbps is more than adequate to saturate two T1s.  There is no need for a 100Mbps connection for getting to the ISP from your internal network.

The load balanced aspect of the two T1s is another question altogether.  How have you attempted so far to load balance the T1s?
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6885551
There are a couple of things to look at here.  First off - the load balancing scenario.  You mention that one of the T1's is not experiencing much inbound traffic.  Load balancing is a two-way operation.  In other words, it has to be configured in both directions to work properly.  You are load balancing outbound, but is your ISP load balancing traffic flowing towards you?  From the sound of things, probably not.  I would talk with them about it.

As to your bandwidth issue - you may have somewhat of a point.  Mmedwid's answer sounds good in theory, but isn't entirely accurate.  A T1 is full duplex - 1.5Mb in and 1.5Mb out.  So you have a total of 3Mb in and 3Mb out.  A 10Mb interface on a 2610 has no option to be full duplex (even though the new IOS puts the commands to change it, the hardward doesn't have the ability - silly Cisco).  Therefore, you only have 5Mb in and 5 Mb out.  Still looks like enough, but let's look closer.  Ethernet is considered maxed out around 40-45%.  You may get up to 50%.  Taking this you only have 2.5Mb in max and 2.5Mb out max.  Now it looks like you don't have enough.  But serial lines are considered maxed at 80%.  This means you only use a total of 2.4Mb in and 2.4 out.  Therefore you are skimming extremely close - and that is if you are maxing out Ethernet usage.

So - do you need to rush out and buy a new card (you don't need a new router)?  Probably not.  I would keep a close eye on your usage, if it seems you are getting close to using a very high percentage of the T1's on a consistent basis, you may want to think about stepping up and buying a 10/100 card.  Other than that, I would probably leave it for now.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 79

Expert Comment

by:lrmoore
ID: 6885595
Both Scraig84 and mmedwid have good points. I would argue Scraig's point about the 10Mb port being maxed out at 40-45% utilization. While that would be true if it were plugged into a hub that is shared media along with many workstations (a larger collision domain), the contention and collisions on the wire are what reduces the max throughput. If you have your router's ethernet port only talking to your firewall either with crossover cable or a switch port, then you have more room on that 10Mb link. Closer to 90%.

The only way to really know where the bottleneck is (if there even is one) is to monitor the total inOctets/outOctects on 4 interfaces:
Router S0/0, S0/1, Eth 0/0 and firewall outside.
Using MRTG or What's up, or some other SNMP console you can get real-time or historical bandwidth utilzation.

If all your inbound traffic does come down one pipe, then as Scraig said, talk to the ISP because they may not be load balancing correctly at their end.

You never did answer the question of how are you doing the load balancing on your end? Do you simply have two default routes with equal cost? Are you pointing your routes to the interface or to an upstream IP address?
0
 

Author Comment

by:Wifo
ID: 6886641
I spoke with our provider and they did make some changes on their end and claim the lines are configured correctly. Not sure how I test this. Based on the config they gave me our router should be good to go as well. There are three routes, one per serial card with no cost and one for the ethernet. I did notice they have "no cdp enable" where I don't, if that helps.

As for monitoring, all I really have to go on is the Firewall. Long story on the SNMP. I have been watching the "external" meter and when we hit around 1.3 Kbp/s outbound, latency outbound jumps way up. Doing this with traceroute.

Just to mix things up (and add points), when the above event happens our monitor computer (LAN) can't ping through (DMZ). This makes me think our Firewall is the real problem. It is a FireBox 2 and traffic/load is well within its specs. I can understand internal/external bottlenecks but not a LAN/DMZ (10/100) bottleneck.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6886691
problems after 1.3Kbp/s??  That's nothing - do you mean Mbp/s?

Traceroute isn't exactly the best tool to monitor latency.

I would start out by looking at the serial interfaces on your Internet router from time to time and look at the "show int" counters to see how much traffic is passing (bits per sec).  You should expect that one T1 is typically going to be used heavier than the other (route caching causes imperfect load balancing), but you can usually tell if things are at least being somewhat balanced.

I don't fully understand your scenario with the firewall.  If it is having problems, I would look at its error log first if it has one.  Also, make sure duplex settings on the switch and Ethernet interfaces are correct so you don't have issues there.

0
 

Author Comment

by:Wifo
ID: 6886748
Sorry, I do mean 1.3 Mbp/s. Watching the counters one line is 248000 incoming 0 outgoing (5 min snapshot) and the other is 83000 in and 417000 out. We normally have much more out than in.

I think the Firewall question was something I should have left out until the line problem is fixed. The help is still worth the extra points. Any idea of the proper way to test this or should I just start seeing outbound packets on the line that hasn't had any?
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6886768
OK - looks like your provider is load balancing inbound properly, but you aren't load balancing out properly.  This would definitely cause problems over 1.3Mbs as it doesn't look like you are using the second T1. How are you routing outbound?  Should be two equal cost static default routes usually.  It may help if you post in your configurations - IP addresses changed and passwords removed to protect the innocent.
0
 

Author Comment

by:Wifo
ID: 6886880
Here is a version of our configuration file that may help.

!

version 12.0

XXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXX

!

hostname XXXXXXXXXXXXXXXXX

!

boot system flash 1:XXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXX

!

ip subnet-zero

ip name-server <Primary DNS Resolver>

!

process-max-time 200

!

interface Ethernet0/0

 ip address <LAN IP> <LAN Subnet mask>

 no ip directed-broadcast

!

interface Serial0/0

 ip address <Our 1st WAN IP> <WAN Subnet mask>

 no ip directed-broadcast

 encapsulation frame-relay IETF

 no ip mroute-cache

 no fair-queue

 service-module t1 timeslots 1-24

 service-module t1 remote-alarm-enable

 frame-relay map ip <ISP's 1st WAN IP> 16 broadcast IETF

 frame-relay lmi-type ansi

!

interface Serial0/1

 ip address <Our 2nd WAN IP> <WAN Subnet mask>

 no ip directed-broadcast

 encapsulation frame-relay IETF

 no ip mroute-cache

 no fair-queue

 service-module t1 timeslots 1-24

 service-module t1 remote-alarm-enable

 frame-relay map ip <ISP's 2nd WAN IP> 16 broadcast IETF

 frame-relay lmi-type ansi

!

ip classless

ip route 0.0.0.0 0.0.0.0 <ISP's 1st WAN IP>

ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP> 254

ip route <LAN route ie 121.12.12.0> 255.255.255.0 <Firwall IP>

no ip http server

!

access-list 101 permit ip XXXXXXXXXXXXXXXXX any

access-list 101 permit ip XXXXXXXXXXXXXXXXX any

snmp-server engineID local XXXXXXXXXXXXXXXXX

snmp-server community XXXXXXXXXXXXXXXXX

snmp-server community XXXXXXXXXXXXXXXXX

snmp-server community XXXXXXXXXXXXXXXXX

snmp-server enable traps snmp

snmp-server host XXXXXXXXXXXXXXXXX-trap

snmp-server host XXXXXXXXXXXXXXXXX-trap

snmp-server host XXXXXXXXXXXXXXXXX-trap

snmp-server host XXXXXXXXXXXXXXXXX-trap

!

line con 0

 exec-timeout 0 0

 history size 50

 transport input none

line aux 0

 transport input all

line vty 0 4

 access-class 101 in

 exec-timeout 20 0

 password XXXXXXXXXXXXXXXXX

 login

 history size 50

!

end

0
 
LVL 8

Accepted Solution

by:
scraig84 earned 480 total points
ID: 6886894
The 254 at the end of your second IP route statement is the culprit.  This adds an administrative distance and means it will not go into the table unless the first route leaves the table (interface goes down).  If you remove the 254, you will equal-cost load balance, and outbound traffic will start to flow over the second T1.  Do a "show ip route" before and after the change and you will see the second route enter the table.
0
 

Author Comment

by:Wifo
ID: 6886981
So, "show ip route" remove the 254, enter configure select terminal, paste new config and "show ip route". That it?
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6887007
Basically.  The "show ip route" is more so you can see what I'm telling you - you don't have to do it to make it work.

for the config part, it would just be:

conf t
ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP>
exit

then you can do a "show ip route" to see that the new route is in the table.  You should also see the outbound numbers start to change from 0 on that interface.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6887015
Edit this and cut/paste:

no ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP> 254
ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP>


0
 
LVL 8

Expert Comment

by:scraig84
ID: 6887022
lrmoore's will work too.  I'm about 99.9% sure that you don't need to do the "no" line first.  You should be able to just put the route in without admin distance.
0
 

Author Comment

by:Wifo
ID: 6887061
I removed the "254" from a text copy, pasted the whole thing back in and the lines seem to be working correctly. I now have inbound and outbound traffic on both interfaces. Better yet I don't take the latency hit like I mentioned before when we hit 1.3 (+/-). That and the routes change when I traceroute. You guys rock!
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6887079
Cool.  Glad that worked for you!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question