Link to home
Create AccountLog in
Avatar of amigan_99
amigan_99Flag for United States of America

asked on

Cisco 2811 ISR CPU cranking

I have incrementing input errors and I am only getting up to 16Mbps max throughput on the router.  Note that input errors is equal to ignored.  I no longer need the cryptomap on that interface.  Perhaps that is slowing things down? Or nbar protocol discovery?  or the netflow config??

FastEthernet0/0 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 0021.d80c.6790 (bia 0021.d80c.6790)
  Description: WAN Interface C2811$FW_OUTSIDE$$ETH-WAN$
  Internet address is 61.44.14.38/27
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 37/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/62773/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 14625000 bits/sec, 1508 packets/sec
  5 minute output rate 537000 bits/sec, 837 packets/sec
     1396679772 packets input, 3830289669 bytes
     Received 12566412 broadcasts, 0 runts, 0 giants, 11846 throttles
     7127770 input errors, 0 CRC, 0 frame, 0 overrun, 7127770 ignored
     0 watchdog
     0 input packets with dribble condition detected

interface FastEthernet0/0

 description WAN Interface C2811$FW_OUTSIDE$$ETH-WAN$

 ip address 61.44.14.38 255.255.255.224

 ip nbar protocol-discovery

 ip flow ingress

 ip flow egress

 ip nat outside

 ip virtual-reassembly

 zone-member security out-zone

 duplex auto

 speed auto

 no cdp enable

 no mop enabled

 crypto map regina
Avatar of agonza07
agonza07
Flag of United States of America image

Crazy, I got the exact same issue happening on my end. Got a 50Mbps line that I can only get 10Mbps from. Workstation directly connected to ISP gives me the full 50.

I took out Netflow on mine, per your suggestion, but no improvement.

The errors are ignored, not CRC so I've also ruled out a duplex/speed mismatch.

My next step was to replace the router with a 2851 I got as a spare, see if maybe its a router limitation.
Avatar of amigan_99

ASKER

it's supposed to route up to 61Mbps and 120,000PPS between two interfaces.  Not sure what is hobbling it.
I think it's 61Mbps with 64byte packets. Read that on the Cisco forums. Not sure how that translates with bigger packets, but my CPu is getting hammered too
i removed the defunct crypto map and the ip nbar discovery.  So far it's all cool - no errors incrementing.  But it seems to only happen under heavier loads so it may take a while to see if this solved anything.
Also - note to self that during the spike CPU period it was only 1600 PPS that was passing.  And there are errors incrementing every business day.  So if no errors tomorrow it's in a better place.
one thing to possibly look at - "Cisco improved TCP session setup performance in Cisco IOS Software Release 12.4(4)T by moving TCP session setup into the Cisco Express Forwarding (CEF) switching path. This reduced CPU impact for TCP session setup, improved TCP session setup rate, and increased TCP throughput".  ??

http://www.cisco.com/en/US/prod/collateral/routers/ps5855/prod_white_paper0900aecd8061536b.pdf
ASKER CERTIFIED SOLUTION
Avatar of agonza07
agonza07
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
With the nbar and crypto map removed - the router was able to push about 50% more bandwidth hitting 24Mbps for the first time.  Max over the last six months was 16Mbps.  Now the CPU did spike and the input errors/ignored did occur.
Good to know. At least that sorta answers the question of it being the 2811. The replacement 2851 might take a month or two to put in.

Man, wish I could give you points :)
Thanks for helping talk it through.  Best.