Solved

2610 and two T-1 lines

Posted on 2002-03-20
Last Modified: 2010-04-17
Hi,

We have a 2610 and two T-1's that are from the same service provider and we have recently upgraded them to full lines from the fractional lines we were using. Our line change also included setting the two T-1's up in a load balanced configuration.

After rolling this around in my head and watching the traffic I don't think we are truly using the lines correctly. Here's why: the router only has a 10-base Ethernet port.

Since the 2610 is connected to a Firebox2 (which has a 10/100 interface) at 10Mb, can we really make use of the two lines? Right now bottlenecks happen at the threshold of a single T-1. Or is this more of a configuration issue? I have checked our router config against a sample from our ISP and it seems to be OK. Is there anything I can do to check this? Our monthly reports show only very tiny inbound traffic on the second line. Under load balancing I would expect the two lines to be even despite the ethernet connection.

Right now I think we need to go with a router that has a 10/100 interface (2620?) in order to fix this. Any help is greatly appreciated.
0
Question by:Wifo
 
LVL 1

Expert Comment

by:mmedwid
Two T1s is a combined total of only 3Mbps.  10BT at 10Mbps is more than adequate to saturate two T1s.  There is no need for a 100Mbps connection for getting to the ISP from your internal network.

The load balanced aspect of the two T1s is another question altogether.  How have you attempted so far to load balance the T1s?
0
 
LVL 8

Expert Comment

by:scraig84
There are a couple of things to look at here.  First off - the load balancing scenario.  You mention that one of the T1's is not experiencing much inbound traffic.  Load balancing is a two-way operation.  In other words, it has to be configured in both directions to work properly.  You are load balancing outbound, but is your ISP load balancing traffic flowing towards you?  From the sound of things, probably not.  I would talk with them about it.

As to your bandwidth issue - you may have somewhat of a point.  Mmedwid's answer sounds good in theory, but isn't entirely accurate.  A T1 is full duplex - 1.5Mb in and 1.5Mb out.  So you have a total of 3Mb in and 3Mb out.  A 10Mb interface on a 2610 has no option to be full duplex (even though the new IOS puts the commands to change it, the hardware doesn't have the ability - silly Cisco).  Therefore, you only have 5Mb in and 5 Mb out.  Still looks like enough, but let's look closer.  Ethernet is considered maxed out around 40-45%.  You may get up to 50%.  Taking this you only have 2.5Mb in max and 2.5Mb out max.  Now it looks like you don't have enough.  But serial lines are considered maxed at 80%.  This means you only use a total of 2.4Mb in and 2.4 out.  Therefore you are skimming extremely close - and that is if you are maxing out Ethernet usage.

So - do you need to rush out and buy a new card (you don't need a new router)?  Probably not.  I would keep a close eye on your usage, if it seems you are getting close to using a very high percentage of the T1's on a consistent basis, you may want to think about stepping up and buying a 10/100 card.  Other than that, I would probably leave it for now.
0
 
LVL 79

Expert Comment

by:lrmoore
Both Scraig84 and mmedwid have good points. I would argue Scraig's point about the 10Mb port being maxed out at 40-45% utilization. While that would be true if it were plugged into a hub that is shared media along with many workstations (a larger collision domain), the contention and collisions on the wire are what reduces the max throughput. If you have your router's ethernet port only talking to your firewall either with crossover cable or a switch port, then you have more room on that 10Mb link. Closer to 90%.

The only way to really know where the bottleneck is (if there even is one) is to monitor the total inOctets/outOctets on 4 interfaces:
Router S0/0, S0/1, Eth 0/0 and firewall outside.
Using MRTG or What's up, or some other SNMP console you can get real-time or historical bandwidth utilization.

If all your inbound traffic does come down one pipe, then as Scraig said, talk to the ISP because they may not be load balancing correctly at their end.

You never did answer the question of how are you doing the load balancing on your end? Do you simply have two default routes with equal cost? Are you pointing your routes to the interface or to an upstream IP address?
0
 

Author Comment

by:Wifo
I spoke with our provider and they did make some changes on their end and claim the lines are configured correctly. Not sure how I test this. Based on the config they gave me our router should be good to go as well. There are three routes, one per serial card with no cost and one for the ethernet. I did notice they have "no cdp enable" where I don't, if that helps.

As for monitoring, all I really have to go on is the Firewall. Long story on the SNMP. I have been watching the "external" meter and when we hit around 1.3 Kbp/s outbound, latency outbound jumps way up. Doing this with traceroute.

Just to mix things up (and add points), when the above event happens our monitor computer (LAN) can't ping through (DMZ). This makes me think our Firewall is the real problem. It is a FireBox 2 and traffic/load is well within its specs. I can understand internal/external bottlenecks but not a LAN/DMZ (10/100) bottleneck.
0
 
LVL 8

Expert Comment

by:scraig84
Problems after 1.3Kbp/s??  That's nothing - do you mean Mbp/s?

Traceroute isn't exactly the best tool to monitor latency.

I would start out by looking at the serial interfaces on your Internet router from time to time and look at the "show int" counters to see how much traffic is passing (bits per sec).  You should expect that one T1 is typically going to be used heavier than the other (route caching causes imperfect load balancing), but you can usually tell if things are at least being somewhat balanced.

I don't fully understand your scenario with the firewall.  If it is having problems, I would look at its error log first if it has one.  Also, make sure duplex settings on the switch and Ethernet interfaces are correct so you don't have issues there.

0
 

Author Comment

by:Wifo
Sorry, I do mean 1.3 Mbp/s. Watching the counters one line is 248000 incoming 0 outgoing (5 min snapshot) and the other is 83000 in and 417000 out. We normally have much more out than in.

I think the Firewall question was something I should have left out until the line problem is fixed. The help is still worth the extra points. Any idea of the proper way to test this or should I just start seeing outbound packets on the line that hasn't had any?
0
 
LVL 8

Expert Comment

by:scraig84
OK - looks like your provider is load balancing inbound properly, but you aren't load balancing out properly.  This would definitely cause problems over 1.3Mbs as it doesn't look like you are using the second T1. How are you routing outbound?  Should be two equal cost static default routes usually.  It may help if you post in your configurations - IP addresses changed and passwords removed to protect the innocent.
0
 

Author Comment

by:Wifo
Here is a version of our configuration file that may help.

!
version 12.0
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
!
hostname XXXXXXXXXXXXXXXXX
!
boot system flash 1:XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
!
ip subnet-zero
ip name-server <Primary DNS Resolver>
!
process-max-time 200
!
interface Ethernet0/0
 ip address <LAN IP> <LAN Subnet mask>
 no ip directed-broadcast
!
interface Serial0/0
 ip address <Our 1st WAN IP> <WAN Subnet mask>
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
 frame-relay map ip <ISP's 1st WAN IP> 16 broadcast IETF
 frame-relay lmi-type ansi
!
interface Serial0/1
 ip address <Our 2nd WAN IP> <WAN Subnet mask>
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
 frame-relay map ip <ISP's 2nd WAN IP> 16 broadcast IETF
 frame-relay lmi-type ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 <ISP's 1st WAN IP>
ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP> 254
ip route <LAN route ie 121.12.12.0> 255.255.255.0 <Firewall IP>
no ip http server
!
access-list 101 permit ip XXXXXXXXXXXXXXXXX any
access-list 101 permit ip XXXXXXXXXXXXXXXXX any
snmp-server engineID local XXXXXXXXXXXXXXXXX
snmp-server community XXXXXXXXXXXXXXXXX
snmp-server community XXXXXXXXXXXXXXXXX
snmp-server community XXXXXXXXXXXXXXXXX
snmp-server enable traps snmp
snmp-server host XXXXXXXXXXXXXXXXX-trap
snmp-server host XXXXXXXXXXXXXXXXX-trap
snmp-server host XXXXXXXXXXXXXXXXX-trap
snmp-server host XXXXXXXXXXXXXXXXX-trap
!
line con 0
 exec-timeout 0 0
 history size 50
 transport input none
line aux 0
 transport input all
line vty 0 4
 access-class 101 in
 exec-timeout 20 0
 password XXXXXXXXXXXXXXXXX
 login
 history size 50
!
end

0
 
LVL 8

Accepted Solution

by:
scraig84 earned 120 total points
The 254 at the end of your second IP route statement is the culprit.  This adds an administrative distance and means it will not go into the table unless the first route leaves the table (interface goes down).  If you remove the 254, you will equal-cost load balance, and outbound traffic will start to flow over the second T1.  Do a "show ip route" before and after the change and you will see the second route enter the table.
0
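An added example, not part of the original thread or of anyone's posted configuration: a small Python check that reads `ip route` lines and reports, per destination, which next hops enter the routing table and which are only floating backups because of a higher administrative distance. The function names and the sample addresses (documentation-range placeholders) are assumptions, and only the simple `ip route <prefix> <mask> <next-hop> [distance]` form seen in the thread is parsed.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the static routes in the posted config.
# The addresses are documentation-range placeholders, not values from the thread.
SAMPLE_CONFIG = """\
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 192.0.2.5 254
ip route 198.51.100.0 255.255.255.0 203.0.113.2
"""

# Only the simple form "ip route <prefix> <mask> <next-hop> [distance]" is handled.
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?$")


def parse_static_routes(config):
    """Return {(prefix, mask): [(next_hop, distance), ...]}."""
    routes = defaultdict(list)
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            prefix, mask, hop, dist = m.groups()
            # A static route with no explicit distance gets distance 1.
            routes[(prefix, mask)].append((hop, int(dist) if dist else 1))
    return dict(routes)


def classify(routes):
    """Per destination: next hops that enter the table vs. floating backups."""
    result = {}
    for dest, hops in routes.items():
        best = min(dist for _, dist in hops)
        result[dest] = {
            "installed": [h for h, d in hops if d == best],
            "standby": [h for h, d in hops if d > best],
        }
    return result


def floating_only(config):
    """Destinations with a backup route but a single installed next hop."""
    return [dest for dest, r in classify(parse_static_routes(config)).items()
            if r["standby"] and len(r["installed"]) == 1]


if __name__ == "__main__":
    for dest, r in classify(parse_static_routes(SAMPLE_CONFIG)).items():
        print(dest, r)
```

Run against a saved copy of a router configuration, `floating_only` lists the destinations where a second link exists but carries no outbound traffic until the primary route is withdrawn.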
 

Author Comment

by:Wifo
So, "show ip route" remove the 254, enter configure select terminal, paste new config and "show ip route". That it?
0
 
LVL 8

Expert Comment

by:scraig84
Basically.  The "show ip route" is more so you can see what I'm telling you - you don't have to do it to make it work.

for the config part, it would just be:

conf t
ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP>
exit

then you can do a "show ip route" to see that the new route is in the table.  You should also see the outbound numbers start to change from 0 on that interface.
0
 
LVL 79

Expert Comment

by:lrmoore
Edit this and cut/paste:

no ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP> 254
ip route 0.0.0.0 0.0.0.0 <ISP's 2nd WAN IP>


0
 
LVL 8

Expert Comment

by:scraig84
lrmoore's will work too.  I'm about 99.9% sure that you don't need to do the "no" line first.  You should be able to just put the route in without admin distance.
0
 

Author Comment

by:Wifo
I removed the "254" from a text copy, pasted the whole thing back in and the lines seem to be working correctly. I now have inbound and outbound traffic on both interfaces. Better yet I don't take the latency hit like I mentioned before when we hit 1.3 (+/-). That and the routes change when I traceroute. You guys rock!
0
 
LVL 8

Expert Comment

by:scraig84
Cool.  Glad that worked for you!
0
