amigan_99
asked on
Cisco 2811 ISR CPU cranking
I have incrementing input errors and I am only getting up to 16Mbps max throughput on the router. Note that input errors is equal to ignored. I no longer need the cryptomap on that interface. Perhaps that is slowing things down? Or nbar protocol discovery? Or the netflow config?
FastEthernet0/0 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 0021.d80c.6790 (bia 0021.d80c.6790)
  Description: WAN Interface C2811$FW_OUTSIDE$$ETH-WAN$
  Internet address is 61.44.14.38/27
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 37/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/62773/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 14625000 bits/sec, 1508 packets/sec
  5 minute output rate 537000 bits/sec, 837 packets/sec
     1396679772 packets input, 3830289669 bytes
     Received 12566412 broadcasts, 0 runts, 0 giants, 11846 throttles
     7127770 input errors, 0 CRC, 0 frame, 0 overrun, 7127770 ignored
     0 watchdog
     0 input packets with dribble condition detected

interface FastEthernet0/0
 description WAN Interface C2811$FW_OUTSIDE$$ETH-WAN$
 ip address 61.44.14.38 255.255.255.224
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
 crypto map regina
ASKER
It's supposed to route up to 61Mbps and 120,000PPS between two interfaces. Not sure what is hobbling it.
I think it's 61Mbps with 64byte packets. Read that on the Cisco forums. Not sure how that translates with bigger packets, but my CPU is getting hammered too.
ASKER
I removed the defunct crypto map and the ip nbar discovery. So far it's all cool - no errors incrementing. But it seems to only happen under heavier loads so it may take a while to see if this solved anything.
ASKER
Also - note to self that during the spike CPU period it was only 1600 PPS that was passing. And there are errors incrementing every business day. So if no errors tomorrow it's in a better place.
ASKER
One thing to possibly look at - "Cisco improved TCP session setup performance in Cisco IOS Software Release 12.4(4)T by moving TCP session setup into the Cisco Express Forwarding (CEF) switching path. This reduced CPU impact for TCP session setup, improved TCP session setup rate, and increased TCP throughput". ??
http://www.cisco.com/en/US/prod/collateral/routers/ps5855/prod_white_paper0900aecd8061536b.pdf
ASKER
With the nbar and crypto map removed - the router was able to push about 50% more bandwidth hitting 24Mbps for the first time. Max over the last six months was 16Mbps. Now the CPU did spike and the input errors/ignored did occur.
Good to know. At least that sorta answers the question of it being the 2811. The replacement 2851 might take a month or two to put in.
Man, wish I could give you points :)
ASKER
Thanks for helping talk it through. Best.
I took out Netflow on mine, per your suggestion, but no improvement.
The errors are ignored, not CRC so I've also ruled out a duplex/speed mismatch.
My next step was to replace the router with a 2851 I got as a spare, see if maybe it's a router limitation.
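
The counter reasoning used in this thread (input errors equal to ignored, zero CRC, so not a duplex/speed mismatch) can be checked mechanically. The following is an added example, not part of the original thread: a small Python parser for "show interface" counters that separates line-level errors (CRC, frame, runts, giants) from resource-level ones (ignored, overrun). The function names and the verdict labels are assumptions made for this example; the sample text is built from the counter lines posted in the question.

```python
import re

# Constructed sample: counter lines taken from the "show interface" output in the question.
SAMPLE = """\
Input queue: 0/75/62773/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 14625000 bits/sec, 1508 packets/sec
1396679772 packets input, 3830289669 bytes
Received 12566412 broadcasts, 0 runts, 0 giants, 11846 throttles
7127770 input errors, 0 CRC, 0 frame, 0 overrun, 7127770 ignored
"""

COUNTERS = ("input errors", "CRC", "frame", "overrun", "ignored",
            "runts", "giants", "throttles", "packets input")

def parse_counters(text):
    """Return {counter name: int} for the counters found in the text."""
    found = {}
    for name in COUNTERS:
        m = re.search(r"(\d+) " + re.escape(name) + r"\b", text)
        if m:
            found[name] = int(m.group(1))
    m = re.search(r"Input queue: (\d+)/(\d+)/(\d+)/(\d+)", text)
    if m:
        found["input queue drops"] = int(m.group(3))  # size/max/drops/flushes
    m = re.search(r"input rate (\d+) bits/sec, (\d+) packets/sec", text)
    if m:
        found["input bps"], found["input pps"] = int(m.group(1)), int(m.group(2))
    return found

def classify(c):
    """Split input errors into line-level and resource-level causes."""
    errors = c.get("input errors", 0)
    line = sum(c.get(k, 0) for k in ("CRC", "frame", "runts", "giants"))
    resource = c.get("ignored", 0) + c.get("overrun", 0)
    if errors == 0:
        verdict = "clean"
    elif line == 0 and resource > 0:
        verdict = "resource"   # interface ran low on buffers; look at CPU and features
    elif line > 0 and resource == 0:
        verdict = "line"       # cabling, duplex/speed mismatch, bad port
    else:
        verdict = "mixed"      # both kinds present, or errors outside both groups
    rate = errors / c["packets input"] if c.get("packets input") else 0.0
    return {"verdict": verdict, "line": line, "resource": resource, "error_rate": rate}

if __name__ == "__main__":
    print(classify(parse_counters(SAMPLE)))
```

On the posted counters the verdict is "resource", with roughly 0.5% of input packets counted as errors, which matches the thread's conclusion that the drops follow router load rather than the physical link.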