Need review of Cisco 1700 programming

Two Cisco routers handle routing on a T1 line between a credit union main office and its branch. The President of the CU complains the applications at the branch are running slowly, and wants to make sure the routers are utilizing the available bandwidth properly.
I am not a Cisco tech, so I'd like to know if the program is efficient.
I have the config files and show interface for your review.  Thanks in advance.

MAIN


Current configuration : 2370 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 1st-stl
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$3G6N$qlS0WiOeohqd/KJ8GyZSM/
!
clock timezone cst -6
clock summer-time summer recurring 1 Sun Apr 0:01 last Sun Oct 0:01
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
voice-card 2
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
voice translation-rule 25
 rule 1 /^7/ /25/
!
!
voice translation-profile FXS25
 translate called 25
!
!
!
!
!
!
interface FastEthernet0/0
 description Connection to MAIN LAN
 ip address 192.168.168.249 255.255.255.0
 ip helper-address 192.168.168.251
 speed auto
 full-duplex
!
interface Serial0/0
 description PTP T-1 Connection to BRANCH
 bandwidth 1536
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp header-compression iphc-format
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
 no cdp enable
 ip rtp header-compression iphc-format
!
router eigrp 100
 network 192.168.168.0
 auto-summary
 no eigrp log-neighbor-warnings
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.168.250
ip route 192.168.168.0 255.255.255.0 FastEthernet0/0
ip route 192.168.169.0 255.255.255.0 Serial0/0
ip route 207.169.102.0 255.255.255.0 192.168.168.253
ip route 216.189.224.0 255.255.240.0 192.168.168.239
!
no ip http server
!
snmp-server community public RO
!
control-plane
!
!
!
voice-port 2/0
 description BRANCH 911 Trunk
!
voice-port 2/1
 shutdown
!
!
!
!
!
dial-peer voice 205 pots
 description BRANCH 911 Trunk
 translation-profile incoming FXS25
 answer-address 25
 destination-pattern 25
 port 2/0
!
dial-peer voice 215 voip
 description BRANCH 911 Trunk
 destination-pattern 25
 session target ipv4:192.168.169.249
!

!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

1st-stl#show int
FastEthernet0/0 is up, line protocol is up
  Hardware is PQUICC_FEC, address is 0013.80a4.d83a (bia 0013.80a4.d83a)
  Description: Connection to  MAIN LAN
  Internet address is 192.168.168.249/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 57000 bits/sec, 31 packets/sec
  5 minute output rate 44000 bits/sec, 32 packets/sec
     220454270 packets input, 2393383597 bytes
     Received 2354931 broadcasts, 0 runts, 0 giants, 0 throttles
     5 input errors, 0 CRC, 0 frame, 5 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     225081957 packets output, 1755105207 bytes, 20 underruns
     20 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: PTP T-1 Connection to BRANCH
  Interface is unnumbered. Using address of FastEthernet0/0 (192.168.168.249)
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
     reliability 255/255, txload 7/255, rxload 5/255
  Encapsulation PPP, LCP Open
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 11w6d
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 10098
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/10036 (size/max total/threshold/drops)
     Conversations  0/17/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1152 kilobits/sec
  5 minute input rate 34000 bits/sec, 29 packets/sec
  5 minute output rate 47000 bits/sec, 25 packets/sec
     221016788 packets input, 3244462279 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 12 giants, 0 throttles
     2014831 input errors, 104070 CRC, 873358 frame, 0 overrun, 0 ignored, 1037397 abort
     217682610 packets output, 694412080 bytes, 0 underruns
     0 output errors, 0 collisions, 229 interface resets
     0 output buffer failures, 0 output buffers swapped out
     35 carrier transitions
jnoaubreyAsked:
 
t509Commented:
Check the output of

sh controllers

and watch for slips etc..

As I can read from your 1st-stl configuration, the internal clock of your T1 module is the actual clocking source.
If the attached device of the provider thinks the same, you've got the situation master<->master. It will work in most cases, but you get errors, leading to CRC/input/etc. errors.

I'd suggest this as the first step in your troubleshooting, since the line

service-module t1 clock source internal

isn't configured on your branch router, and the IF statistics obviously look fine there.


Give it a try, if the used hardware is the same. And issue

conf t
in s0/0
no service-module t1 clock source internal
end
reload in 5

without a following

wr

to address the possibility of complete connection loss. The router will restart automatically in 5 minutes, addressing the case you lost connection and are not able to

reload cancel

within 5 minutes if anything works, and therefore comes up again with the saved/working configuration.

Hope this was KISS enough. Good luck!
0
 
jnoaubreyAuthor Commented:
Branch Output:

1st-branch-stl#show run
Building configuration...

Current configuration : 2269 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 1st-branch-stl
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$3w.M$ho1l52Zv2sPnRcPjQK.9q0
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
voice-card 2
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.169.100 192.168.169.254
ip dhcp excluded-address 192.168.169.1
!
ip dhcp pool BRANCH
   network 192.168.169.0 255.255.255.0
   default-router 192.168.169.249
   dns-server 192.168.168.251 68.94.156.1
   netbios-node-type h-node
   netbios-name-server 192.168.168.251
   lease 8
!
!
no ip domain lookup
ip dhcp-server 192.168.169.249
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Conected to BRANCH LAN
 ip address 192.168.169.249 255.255.255.0
 ip helper-address 192.168.168.251
 speed auto
 full-duplex
!
interface Serial0/0
 description Connected to  MAIN
 bandwidth 1536
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp header-compression iphc-format
 service-module t1 timeslots 1-24
 no cdp enable
 ip rtp header-compression iphc-format
!
router eigrp 100
 network 192.168.169.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.169.250
ip route 207.169.102.0 255.255.255.0 192.168.168.253
ip route 216.189.224.0 255.255.240.0 192.168.168.239
!
no ip http server
!
snmp-server community public RO
!
control-plane
!
!
!
voice-port 2/0
 description BRANCH Trunk
!
voice-port 2/1
 shutdown
!
!
!
!
!
dial-peer voice 205 pots
 description AT&T 911 Trunk
 destination-pattern 25
 port 2/0
!
dial-peer voice 215 voip
 description AT&T 911 Trunk
 session target ipv4:192.168.168.249
!
!
line con 0
 exec-timeout 0 0
 password
 login
line aux 0
line vty 0 4
 password
 login
!
end


1st-branch-stl# show int
FastEthernet0/0 is up, line protocol is up
  Hardware is PQUICC_FEC, address is 0013.80a4.d80f (bia 0013.80a4.d80f)
  Description: Conected to BRANCH LAN
  Internet address is 192.168.169.249/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/70/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 41000 bits/sec, 43 packets/sec
  5 minute output rate 46000 bits/sec, 40 packets/sec
     6382883 packets input, 895924653 bytes
     Received 40576 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     6785559 packets output, 2268325906 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: Connected to MAIN
  Interface is unnumbered. Using address of FastEthernet0/0 (192.168.169.249)
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
     reliability 255/255, txload 4/255, rxload 7/255
  Encapsulation PPP, LCP Open
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 2d22h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/10/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1152 kilobits/sec
  5 minute input rate 45000 bits/sec, 41 packets/sec
  5 minute output rate 30000 bits/sec, 40 packets/sec
     6706140 packets input, 2082770590 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     6358709 packets output, 695324945 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
0
 
chad_rCommented:
Nothing jumped out at me at first glance except one thing, the auto speed and full duplex.  What devices are connected to the F0/0 interfaces on both routers?  Are they manageable switches?  Can you validate what their speed and duplex are set to?  They should match, and if not, would cause noticeable performance issues.
0
 
kcohneCommented:
This can be very difficult to gauge especially without a baseline to start with. Most T1 providers that I have dealt with have some kind of bandwidth report you can access that would at least tell you if you are over utilizing the line.

From there you can use built in tools to capture traffic depending on the Router and the software version installed on the router.

Also using some kind of net-flow program to monitor the traffic going through the router.
0
 
t509Commented:
Look at that:

Serial0/0 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: PTP T-1 Connection to BRANCH
  Interface is unnumbered. Using address of FastEthernet0/0 (192.168.168.249)
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
     reliability 255/255, txload 7/255, rxload 5/255
  Encapsulation PPP, LCP Open
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 11w6d
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 10098
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/10036 (size/max total/threshold/drops)
     Conversations  0/17/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1152 kilobits/sec
  5 minute input rate 34000 bits/sec, 29 packets/sec
  5 minute output rate 47000 bits/sec, 25 packets/sec
     221016788 packets input, 3244462279 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 12 giants, 0 throttles
     2014831 input errors, 104070 CRC, 873358 frame, 0 overrun, 0 ignored, 1037397 abort
     217682610 packets output, 694412080 bytes, 0 underruns
     0 output errors, 0 collisions, 229 interface resets
     0 output buffer failures, 0 output buffers swapped out
     35 carrier transitions

The first step on _my_ agenda would be the reduction of this error-rate. Even if the input errors are "only" <1% of the packets, the retransmissions will surely slow down the other traffic. Some clocking issues?

To address the "slow applications" I would establish QoS with correct classification and allocated bandwidth/priority (LLQ/CBWFQ is your friend) for these applications.

For example:

access-list 199 permit tcp any any eq 389

class-map match-any LDAP
 match access-group 199

policy-map myPOLICY
 class LDAP
  priority 32
 class class-default
  fair-queue

int s0/0
 service-policy output myPOLICY

and on the other router vice versa.

When you establish this policy on both routers, LDAP traffic will be prioritized up to 32 kbit if the output queue gets congested, and treated as low-latency traffic. The other traffic (all traffic not classified, and therefore in the class class-default) is treated with fair queuing.
You can expand this example with different classes and qos mechanisms, based on your defined classes. You can even classify with NBAR based on L4-7, for example Skype traffic.

After you have this policy active on an interface, you can check its effectiveness with

sh policy-map inte s0/0

where you can see the drops, if any, which would lead you normally to modify the queue to a bigger value, based on the type of traffic.
But always remember, QoS is a zero-sum game... and isn't a cure for undersized links.

HTH
0
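The error-rate reasoning in the answer above, as an added example that is not part of the original thread: a Python script that parses the Serial0/0 counters posted for both routers and reports input-error and output-drop percentages plus the dominant error type. The function names and the 0.1% flag threshold are assumptions made for illustration.

```python
import re

# Serial0/0 counter lines excerpted from the two "show int" outputs in this thread.
MAIN = """\
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 10098
     221016788 packets input, 3244462279 bytes, 0 no buffer
     2014831 input errors, 104070 CRC, 873358 frame, 0 overrun, 0 ignored, 1037397 abort
     217682610 packets output, 694412080 bytes, 0 underruns
     35 carrier transitions
"""
BRANCH = """\
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
     6706140 packets input, 2082770590 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     6358709 packets output, 695324945 bytes, 0 underruns
     1 carrier transitions
"""

PATTERNS = {
    "packets_in": r"(\d+) packets input", "packets_out": r"(\d+) packets output",
    "input_errors": r"(\d+) input errors", "output_drops": r"Total output drops: (\d+)",
    "crc": r"(\d+) CRC", "frame": r"(\d+) frame", "abort": r"(\d+) abort",
    "carrier_transitions": r"(\d+) carrier transitions",
}

def parse_counters(text):
    """Extract the counters above from one interface block; absent ones count as 0."""
    hits = {name: re.search(rx, text) for name, rx in PATTERNS.items()}
    return {name: int(m.group(1)) if m else 0 for name, m in hits.items()}

def pct(part, whole):
    """Percentage rounded to 3 places; 0.0 when the denominator is zero."""
    return round(100.0 * part / whole, 3) if whole else 0.0

def assess(text, threshold_pct=0.1):
    """threshold_pct is an assumed flag level, not a value from Cisco or the thread."""
    c = parse_counters(text)
    kinds = {k: c[k] for k in ("crc", "frame", "abort")}
    dominant = max(kinds, key=kinds.get) if any(kinds.values()) else None
    err = pct(c["input_errors"], c["packets_in"])
    return {"input_error_pct": err, "dominant": dominant,
            "output_drop_pct": pct(c["output_drops"], c["packets_out"]),
            "carrier_transitions": c["carrier_transitions"],
            "suspect": err > threshold_pct}

if __name__ == "__main__":
    for name, text in (("MAIN", MAIN), ("BRANCH", BRANCH)):
        print(name, assess(text))
```

On the posted counters MAIN is flagged with input errors just under 1% of received packets, mostly aborts and framing errors, while BRANCH shows none.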
 
jnoaubreyAuthor Commented:
t509:

Your answer to the error rate is intriguing, but I'm lost as to how to implement the policy.
For instance, the reports I get regard everything from their financial program that runs on .NET to the time it takes for roaming profiles to load, and to open documents off of the Main office server.
So unless I misunderstand, I assume we're not dealing with one protocol here?
0
 
t509Commented:
I provided only an example with LDAP, to show you the procedure for setting up a QoS policy. In this special case I matched one protocol.
You can expand the ACL with more entries/lines, based on hosts, subnets, ports, etc., without any problems.
If you know the used IPs of the hosts, this should be easy to solve.

Just check here what you CAN do:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_4/qos_12_4_book.html

This should help.
0
 
jnoaubreyAuthor Commented:
I agree that while the input errors are "only" <1% of the packets, the retransmissions will surely slow down the other traffic. You mentioned some clocking issues?
How to address clocking issues?
Please "KISS" as I'm not a regular Cisco tech.
0
Question has a verified solution.
