forum.opennet.ru - "Дроп пакетов на as5350" (2)

форумы

помощь

поиск

регистрация

майллист

вход/выход

слежка

"Дроп пакетов на as5350"

Форумы Маршрутизаторы CISCO и др. оборудование. (Public)
Вариант для распечатки		Пред. тема \| След. тема
Изначальное сообщение		[ Отслеживать ]

"Дроп пакетов на as5350"
Сообщение от TrEK (ok) on 04-Авг-08, 17:57
Есть as5350, fa0/0 - внутренний интерфейс fa0/1 - внешний интерфейс Проходящий траффик через киску 20 Мбит, на ней висит порядка 200 траффик-шейп групп на внутреннем интерфейсе (каждому клиенту выделяеться полоса 768 кб.с), привязаных к аксес-листам. Проблема в том, что циска периодически просто задыхаеться, пропадает десяток пингов подряд, долго грузяться странички у клиентов, циска виснет, при чем это может происходить при загрузке канала на 7 Мбит. Бывает когда при 13-16 Мбит загрузки канала все работает идеально. Загрузка НАТом в пики зависаний и стабильной работы практически одинаковы. Можна на гарячем выяснить 100%-ную загрузку ЦПУ ? И меня смущает еще большое количество " Total output drops" на fa0/0 и fa0/1 интерфейсах, допустимы ли такие значения? (количество дропов постоянно увиличиваеться на внутреннем интерфейсе). Хотелось бы получить помощь, возможно кто-то стыкался с такой проблемой или знает ее решение. Все необходимые данные по циске я скинул ниже. Заранее спасибо. TTAS5350#sh int fa 0/1 FastEthernet0/1 is up, line protocol is up Hardware is Fast Ethernet, address is 0012.0048.f2f7 (bia 0012.0048.f2f7) Description: to Polyteh Internet address is 10.127.255.209/30 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 11/255, rxload 20/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 4d02h Input queue: 3/4096/0/366610 (size/max/drops/flushes); Total output drops: 123954 Queueing strategy: fifo Output queue: 0/4096 (size/max) 5 minute input rate 7919000 bits/sec, 3124 packets/sec 5 minute output rate 4573000 bits/sec, 3076 packets/sec 775991852 packets input, 1854553521 bytes Received 11603 broadcasts, 0 runts, 0 giants, 0 throttles 744 input errors, 744 CRC, 5 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 751113464 packets output, 2024247852 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ____________________________________________________________ TTAS5350#sh int fa 0/0 FastEthernet0/0 is up, line protocol is up Hardware is Fast Ethernet, address is 0012.0048.f2f6 (bia 0012.0048.f2f6) Description: to CatalysT Internet address is 192.168.180.5/30 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 16/255, rxload 8/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 2/4096/0/2144025 (size/max/drops/flushes); Total output drops: 3894325 Queueing strategy: fifo Output queue: 0/4096 (size/max) 5 minute input rate 3392000 bits/sec, 936 packets/sec 5 minute output rate 6576000 bits/sec, 970 packets/sec 258188173 packets input, 4289304923 bytes Received 5962 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 278095826 packets output, 2569948718 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ___________________________________________________ TTAS5350#sh processes cpu sorted \| ex 0.00 CPU utilization for five seconds: 84%/45%; one minute: 82%; five minutes: 85% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 58 170855504 189309217 902 38.54% 41.31% 43.36% 0 IP Input 152 1624256 39883276 40 0.31% 0.35% 0.42% 0 traffic_shape 153 176928 10962783 16 0.07% 0.04% 0.04% 0 PPP manager 154 167292 10980248 15 0.07% 0.03% 0.04% 0 PPP Events ______________________________________________________ TTAS5350#sh processes cpu history TTAS5350 11:53:01 AM Monday Aug 4 2008 UA 9999888888888888888888887777788888888889999977777999998888 4444888886666644444000004444499999444446666677777888880000 100 *** * 90 ********** * * * 80 ******************** *************************** 70 ******************************************************** 60 ******************************************************** 50 ******************************************************** 40 ******************************************************** 30 ******************************************************** 20 ******************************************************** 10 ********************************************************** 0....5....1....1....2....2....3....3....4....4....5....5.... 0 5 0 5 0 5 0 5 0 5 CPU% per second (last 60 seconds) ________________________________________________________________ TTAS5350#sh ip nat st Total active translations: 4977 (0 static, 4977 dynamic; 4977 extended) Outside interfaces: FastEthernet0/1 Inside interfaces: Async1/00, Async1/01, Async1/02, Async1/03, Async1/04, Async1/05, Async1/06 Async1/07, Async1/08, Async1/09, Async1/10, Async1/11, Async1/12, Async1/13 Async1/14, Async1/15, Async1/16, Async1/17, Async1/18, Async1/19, Async1/20 Async1/21, Async1/22, Async1/23, Async1/24, Async1/25, Async1/26, Async1/27 Async1/28, Async1/29, FastEthernet0/0, Group-Async1 Hits: 473884619 Misses: 10979647 Expired translations: 10975147 Dynamic mappings: -- Inside Source [Id: 1] access-list NAT pool NEW refcount 4908 pool NEW: netmask 255.255.255.248 start xxx.yyy.zzz.226 end xxx.yyy.zzz.226 type generic, total addresses 1, allocated 1 (100%), misses 11 [Id: 2] access-list NAT2 pool DIAL refcount 71 pool DIAL: netmask 255.255.255.252 start xxx.yyy.zzz.225 end xxx.yyy.zzz.225 type match-host, total addresses 1, allocated 1 (100%), misses 172 ____________________________________________________________________ TTAS5350#sh ip cef summary IP CEF with switching (Table Version 2657), flags=0x0 32 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 17 2007 instant recursive resolutions, 5 used background process 32 leaves, 28 nodes, 33584 bytes, 1686 inserts, 1654 invalidations 2 load sharing elements, 672 bytes, 2 references universal per-destination load sharing algorithm, id 37CEDDD6 3(0) CEF resets, 566 revisions of existing leaves Resolution Timer: Exponential (currently 1s, peak 2s) 869 in-place/0 aborted modifications refcounts: 7461 leaf, 7424 node Table epoch: 0 (4294967172 entries at this epoch) ____________________________________________________________________- TTAS5350#sh version Cisco Internetwork Operating System Software IOS (tm) 5350 Software (C5350-IS-M), Version 12.3(10b), RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 21-Dec-04 14:44 by kellythw Image text-base: 0x60008AFC, data-base: 0x61700000 ROM: System Bootstrap, Version 12.2(1r)1, RELEASE SOFTWARE (fc1) BOOTLDR: 5350 Software (C5350-BOOT-M), Version 12.2(2)XB2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) TTAS5350 uptime is 4 days, 3 hours, 35 minutes System returned to ROM by reload at 08:23:48 UA Thu Jul 31 2008 System restarted at 08:25:09 UA Thu Jul 31 2008 System image file is "flash:c5350-is-mz.123-10b.bin" cisco AS5350 (R7K) processor (revision T) with 262144K/131072K bytes of memory. Processor board ID JAE08512FAU R7000 CPU at 250MHz, Implementation 39, Rev 1.0, 256KB L2, 2048KB L3 Cache Last reset from IOS reload Channelized E1, Version 1.0. Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). Primary Rate ISDN software, Version 1.1. Manufacture Cookie Info: EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x32, Board Hardware Version 3.34, Item Number 800-5171-02, Board Revision C0, Serial Number JAE08512FAU, PLD/ISP Version 2.2, Manufacture Date 13-Dec-2004. Processor 0x14, MAC Address 0x012048F2F6 Backplane HW Revision 1.0, Flash Type 5V 2 FastEthernet/IEEE 802.3 interface(s) 68 Serial network interface(s) 60 terminal line(s) 2 Channelized E1/PRI port(s) 512K bytes of non-volatile configuration memory. 65536K bytes of processor board System flash (Read/Write) 16384K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102
Высказать мнение \| Ответить \| Правка \| Cообщить модератору

Оглавление

Дроп пакетов на as5350, TrEK, 03:10 , 10-Авг-08, (1)

Дроп пакетов на as5350, TrEK, 16:37 , 14-Авг-08, (2)

Сообщения по теме [Сортировка по времени | RSS]

1. "Дроп пакетов на as5350"

Сообщение от TrEK (ok) on 10-Авг-08, 03:10

>[оверквотинг удален]
>Backplane HW Revision 1.0, Flash Type 5V
>2 FastEthernet/IEEE 802.3 interface(s)
>68 Serial network interface(s)
>60 terminal line(s)
>2 Channelized E1/PRI port(s)
>512K bytes of non-volatile configuration memory.
>65536K bytes of processor board System flash (Read/Write)
>16384K bytes of processor board Boot flash (Read/Write)
>
>Configuration register is 0x2102
interface FastEthernet0/0
description to CatalysT
ip address 192.168.180.5 255.255.255.252
ip access-group CISCO-OUT in
ip access-group DIALUP out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip route-cache cef
ip tcp adjust-mss 1452
duplex full
speed 100
traffic-shape group 101 768000 19200 19200 1000
traffic-shape group 102 768000 19200 19200 1000
traffic-shape group 103 2048000 768000 768000 1000
traffic-shape group 104 768000 19200 19200 1000
traffic-shape group 105 768000 19200 19200 1000
traffic-shape group 106 768000 19200 19200 1000
traffic-shape group 107 768000 19200 19200 1000
...
...
...
traffic-shape group 196 768000 19200 19200 1000
traffic-shape group 197 768000 19200 19200 1000
traffic-shape group 198 896000 22400 22400 1000
traffic-shape group 199 832000 20800 20800 1000
traffic-shape group 2000 768000 19200 19200 1000
traffic-shape group 2001 768000 19200 19200 1000
traffic-shape group 2002 768000 19200 19200 1000
traffic-shape group 2003 768000 19200 19200 1000
traffic-shape group 2004 768000 19200 19200 1000
traffic-shape group 2005 768000 19200 19200 1000
traffic-shape group 2006 768000 19200 19200 1000
...
...
...
traffic-shape group 2139 1024000 25600 25600 1000
traffic-shape group 2140 1024000 25600 25600 1000
traffic-shape group 2141 832000 20800 20800 1000
traffic-shape group 2142 832000 20800 20800 1000

Соответственно, каждый шейп привязан к :
access-list 101 permit ip any host 192.168.181.101
access-list 102 permit ip any host 192.168.180.1
access-list 103 permit ip any host 192.168.181.17
access-list 104 permit ip any host 192.168.181.18
access-list 105 permit ip any host 192.168.181.19
access-list 105 permit ip any host 192.168.183.173
access-list 106 permit ip any host 192.168.181.20
access-list 106 permit ip any host 192.168.186.45
access-list 106 permit ip any host 192.168.187.25
access-list 106 permit ip any host 192.168.187.29
access-list 106 permit ip any host 192.168.187.33
access-list 106 permit ip any host 192.168.187.37
access-list 106 permit ip any host 192.168.183.173
access-list 107 permit ip any host 192.168.181.5
...
...
...
access-list 2000 permit ip any host 192.168.181.209
access-list 2001 permit ip any host 192.168.181.213
access-list 2002 permit ip any host 192.168.180.45
access-list 2003 permit ip any host 192.168.183.105
...
...
...
access-list 2136 permit ip any host 192.168.187.153
access-list 2137 permit ip any host 192.168.188.13
access-list 2138 permit ip any host 192.168.186.157
access-list 2139 permit ip any host 192.168.181.145
access-list 2140 permit ip any host 192.168.185.177
access-list 2141 permit ip any host 192.168.188.17
access-list 2142 permit ip any host 192.168.181.149
Можна ли использовать рейт-лимиты.. и как их правильно организовать*?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "Дроп пакетов на as5350"

Сообщение от TrEK (ok) on 14-Авг-08, 16:37

>[оверквотинг удален]
>...
>access-list 2136 permit ip any host 192.168.187.153
>access-list 2137 permit ip any host 192.168.188.13
>access-list 2138 permit ip any host 192.168.186.157
>access-list 2139 permit ip any host 192.168.181.145
>access-list 2140 permit ip any host 192.168.185.177
>access-list 2141 permit ip any host 192.168.188.17
>access-list 2142 permit ip any host 192.168.181.149
>
>Можна ли использовать рейт-лимиты.. и как их правильно организовать*?
как должно быть правильно?
TTAS5350(config-if)#rate-limit input access-group 2019 512000 8000 8000 conform-action ?
rate-limit input access-group 2019 512000 8000 8000 conform-action transmit exceed-action drop
верная запись?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру

1. "Дроп пакетов на as5350"
Сообщение от TrEK (ok) on 10-Авг-08, 03:10
>[оверквотинг удален] >Backplane HW Revision 1.0, Flash Type 5V >2 FastEthernet/IEEE 802.3 interface(s) >68 Serial network interface(s) >60 terminal line(s) >2 Channelized E1/PRI port(s) >512K bytes of non-volatile configuration memory. >65536K bytes of processor board System flash (Read/Write) >16384K bytes of processor board Boot flash (Read/Write) > >Configuration register is 0x2102 interface FastEthernet0/0 description to CatalysT ip address 192.168.180.5 255.255.255.252 ip access-group CISCO-OUT in ip access-group DIALUP out no ip redirects no ip unreachables no ip proxy-arp ip nat inside no ip route-cache cef ip tcp adjust-mss 1452 duplex full speed 100 traffic-shape group 101 768000 19200 19200 1000 traffic-shape group 102 768000 19200 19200 1000 traffic-shape group 103 2048000 768000 768000 1000 traffic-shape group 104 768000 19200 19200 1000 traffic-shape group 105 768000 19200 19200 1000 traffic-shape group 106 768000 19200 19200 1000 traffic-shape group 107 768000 19200 19200 1000 ... ... ... traffic-shape group 196 768000 19200 19200 1000 traffic-shape group 197 768000 19200 19200 1000 traffic-shape group 198 896000 22400 22400 1000 traffic-shape group 199 832000 20800 20800 1000 traffic-shape group 2000 768000 19200 19200 1000 traffic-shape group 2001 768000 19200 19200 1000 traffic-shape group 2002 768000 19200 19200 1000 traffic-shape group 2003 768000 19200 19200 1000 traffic-shape group 2004 768000 19200 19200 1000 traffic-shape group 2005 768000 19200 19200 1000 traffic-shape group 2006 768000 19200 19200 1000 ... ... ... traffic-shape group 2139 1024000 25600 25600 1000 traffic-shape group 2140 1024000 25600 25600 1000 traffic-shape group 2141 832000 20800 20800 1000 traffic-shape group 2142 832000 20800 20800 1000 Соответственно, каждый шейп привязан к : access-list 101 permit ip any host 192.168.181.101 access-list 102 permit ip any host 192.168.180.1 access-list 103 permit ip any host 192.168.181.17 access-list 104 permit ip any host 192.168.181.18 access-list 105 permit ip any host 192.168.181.19 access-list 105 permit ip any host 192.168.183.173 access-list 106 permit ip any host 192.168.181.20 access-list 106 permit ip any host 192.168.186.45 access-list 106 permit ip any host 192.168.187.25 access-list 106 permit ip any host 192.168.187.29 access-list 106 permit ip any host 192.168.187.33 access-list 106 permit ip any host 192.168.187.37 access-list 106 permit ip any host 192.168.183.173 access-list 107 permit ip any host 192.168.181.5 ... ... ... access-list 2000 permit ip any host 192.168.181.209 access-list 2001 permit ip any host 192.168.181.213 access-list 2002 permit ip any host 192.168.180.45 access-list 2003 permit ip any host 192.168.183.105 ... ... ... access-list 2136 permit ip any host 192.168.187.153 access-list 2137 permit ip any host 192.168.188.13 access-list 2138 permit ip any host 192.168.186.157 access-list 2139 permit ip any host 192.168.181.145 access-list 2140 permit ip any host 192.168.185.177 access-list 2141 permit ip any host 192.168.188.17 access-list 2142 permit ip any host 192.168.181.149 Можна ли использовать рейт-лимиты.. и как их правильно организовать*?
Высказать мнение \| Ответить \| Правка \| Наверх \| Cообщить модератору


	2. "Дроп пакетов на as5350"
	Сообщение от TrEK (ok) on 14-Авг-08, 16:37
	>[оверквотинг удален] >... >access-list 2136 permit ip any host 192.168.187.153 >access-list 2137 permit ip any host 192.168.188.13 >access-list 2138 permit ip any host 192.168.186.157 >access-list 2139 permit ip any host 192.168.181.145 >access-list 2140 permit ip any host 192.168.185.177 >access-list 2141 permit ip any host 192.168.188.17 >access-list 2142 permit ip any host 192.168.181.149 > >Можна ли использовать рейт-лимиты.. и как их правильно организовать*? как должно быть правильно? TTAS5350(config-if)#rate-limit input access-group 2019 512000 8000 8000 conform-action ? rate-limit input access-group 2019 512000 8000 8000 conform-action transmit exceed-action drop верная запись?
	Высказать мнение \| Ответить \| Правка \| Наверх \| Cообщить модератору

Архив \| Удалить	Индекс форумов \| Темы \| Пред. тема \| След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 \| 2 \| 3 \| 4 \| 5 ] [Рекомендовать для помещения в FAQ]