Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Frame interface bandwidth creating latency in second circuit

Reply
Thread Tools

Frame interface bandwidth creating latency in second circuit

 
 
John Kinsella
Guest
Posts: n/a
 
      11-22-2003
Hey guys - got a stumper I've been trying to debug for a few months.
Current setup follows, I wanna get to the point and not bore too many:

When the (864k) Frame circuit gets maxed out, latency (measured with
traceroute) for natted users on the T1 circuit goes from 20ms for
first hop to over a second. During this same time, there is no
noticable latency difference for machines that have static IPs on the
second T1. NAT is accomplished via route-maps.

So, interesting part is, if I shut/no shut the frame circuit, latency
on the t1 disappears for a period of time (varies from short to long,
I suspect depending on the level of bandwidth on the frame circuit).

I'm guessing this has something to do with either a bug in the version
of IOS I'm running, or how my route-map stuff is setup. Anybody have
any clues? This one's worth a few beers to me.

I've got the following setup currently:

Cisco 3600 with 3 active interfaces:
eth 0/0 - duh
ser 0/0 - frame encapsulated t1
ser 0/0.1 - Virtual frame circuit to ISP
ser 0/1 - full T1 to a different ISP

Running IP NAT out over both interfaces with route maps

running-config, with IPs obfuscated and passwords removed:

Current configuration : 10742 bytes
!
! Last configuration change at 17:01:04 utc Fri Nov 21 2003
! NVRAM config last updated at 14:30:25 utc Thu Oct 16 2003
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service linenumber
!
hostname router
!
logging buffered 4096 informational
aaa new-model
aaa authentication login default line
aaa authorization exec default none
!
!
!
!
!
clock timezone utc -7
ip subnet-zero
no ip source-route
ip name-server 1.1.1.201
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0/0
description Connection to office LAN
ip address 1.1.1.1 255.255.255.0
ip access-group 100 in
no ip unreachables
no ip proxy-arp
ip nat inside
ip policy route-map full-t1
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
service-module t1 timeslots 1-12
no frame-relay inverse-arp
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
ip address 1.3.1.2 255.255.255.252
ip access-group 10 in
no ip unreachables
no ip proxy-arp
ip nat outside
no cdp enable
frame-relay interface-dlci 500
!
interface Ethernet0/1
no ip address
ip access-group 100 in
shutdown
!
interface Serial0/1
ip address 1.2.1.38 255.255.255.252
ip access-group 167 in
no ip unreachables
no ip proxy-arp
ip nat outside
fair-queue
serial restart-delay 0
!
interface Serial1/0
no ip address
ip nat outside
shutdown
no fair-queue
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip nat pool FRAMENAT 1.3.1.162 1.3.1.163 netmask 255.255.255.240
ip nat pool TEENAT 1.2.1.225 1.2.1.226 netmask 255.255.255.224
ip nat inside source list 1 pool FRAMENAT overload
ip nat inside source route-map frame-map pool FRAMENAT overload
ip nat inside source static 1.1.1.12 1.2.1.234
ip nat inside source static 1.1.1.203 1.2.1.230
ip nat inside source static 1.1.1.199 1.2.1.233
ip nat inside source static 1.1.1.17 1.2.1.240
ip nat inside source static 1.1.1.227 1.2.1.250
ip nat inside source static 1.1.1.228 1.2.1.228
ip nat inside source static 1.1.1.7 1.2.1.227
ip nat inside source static 1.1.1.233 1.2.1.236
ip nat inside source static 1.1.1.201 1.2.1.237
ip nat inside source static 1.1.1.217 1.2.1.229
ip nat inside source static 1.1.1.9 1.3.1.175
ip nat inside source static 1.1.1.2 1.3.1.170
ip nat inside source static 1.1.1.3 1.3.1.171
ip nat inside source static 1.1.1.10 1.3.1.172
ip nat inside source static 1.1.1.14 1.3.1.167
ip nat inside source static 1.1.1.15 1.3.1.168
ip nat inside source static 1.1.1.226 1.3.1.169
ip nat inside source static 1.1.1.194 1.3.1.161
ip nat inside source static 1.1.1.205 1.2.1.231
ip nat inside source static 1.1.1.204 1.2.1.232
ip nat inside source static 1.1.1.238 1.2.1.238
no ip classless
ip route 0.0.0.0 0.0.0.0 1.3.1.1
ip route 1.2.1.0 255.255.255.0 Serial0/1
ip route 1.2.1.0 255.255.255.0 Serial0/1
no ip http server
!
logging 1.1.1.201
access-list 1 deny 1.1.1.9
access-list 1 deny 1.1.1.10
access-list 1 deny 1.1.1.15
access-list 1 deny 1.1.1.14
access-list 1 deny 1.1.1.3
access-list 1 deny 1.1.1.2
access-list 1 deny 1.1.1.226
access-list 1 deny 1.1.1.194
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 100 deny 53 any any log-input
access-list 100 deny 55 any any log-input
access-list 100 deny 77 any any log-input
access-list 100 deny pim any any log-input
access-list 100 permit ip any any
access-list 167 deny 53 any any log-input
access-list 167 deny 55 any any log-input
access-list 167 deny 77 any any log-input
access-list 167 deny pim any any log-input
access-list 167 permit tcp 1.4.1.0 0.0.0.255 host 1.3.1.170 eq 139
access-list 167 permit tcp 1.4.1.0 0.0.0.255 host 1.3.1.170 eq 135
access-list 167 permit tcp host 1.5.1.1 host 1.3.1.170 eq 139
access-list 167 permit tcp host 1.5.1.1 host 1.3.1.170 eq 135
access-list 167 permit tcp host 1.8.1.102 host 1.3.1.170 eq 139
access-list 167 permit tcp host 1.8.1.102 host 1.3.1.170 eq 135
access-list 167 deny tcp any any eq 139 log-input
access-list 167 deny udp any any eq netbios-ss log-input
access-list 167 deny tcp any any eq 445 log-input
access-list 167 deny udp any any eq 445 log-input
access-list 167 deny tcp any any eq sunrpc log-input
access-list 167 deny tcp any any eq 135 log-input
access-list 167 deny udp any any eq 135 log-input
access-list 167 deny tcp any any eq 143 log-input
access-list 167 deny tcp any any eq 389 log-input
access-list 167 deny tcp any any eq 563 log-input
access-list 167 deny tcp any any eq 593 log-input
access-list 167 deny tcp any any eq 636 log-input
access-list 167 deny tcp any any eq 1031 log-input
access-list 167 deny tcp any any eq 1248 log-input
access-list 167 deny tcp any any eq 5800 log-input
access-list 167 deny tcp any any eq 5900 log-input
access-list 167 permit tcp any any
access-list 167 permit udp any any
access-list 167 permit icmp 1.4.1.0 0.0.0.255 any log-input
access-list 167 permit icmp 1.2.1.0 0.0.0.255 any log-input
access-list 167 permit icmp 1.7.1 0.0.0.255 any log-input
access-list 167 permit icmp 1.8.1.0 0.0.0.255 any log-input
access-list 167 permit icmp any any ttl-exceeded log-input
access-list 167 deny icmp any any log-input
access-list 190 permit ip host 1.1.1.2 any
access-list 190 permit ip host 1.1.1.3 any
access-list 190 permit ip host 1.1.1.9 any
access-list 190 permit ip host 1.1.1.10 any
access-list 190 permit ip host 1.1.1.14 any
access-list 190 permit ip host 1.1.1.15 any
access-list 190 permit ip host 1.1.1.194 any
access-list 190 permit ip host 1.1.1.226 any
route-map frame-map permit 10
match ip address 190
!
route-map full-t1 permit 10
match ip address 190
set ip default next-hop 1.3.1.49
!
route-map full-t1 permit 20
match ip address 1
set ip default next-hop 1.2.1.37
!
route-map new-full-t1 permit 30
match ip address
!
banner motd ^C
************************************************** **************************
* This is a private computer/communication facility. Access to it for
any *
* reason must be specifically authorized. System personnel will/may
*
* monitor for unauthorized activity. Anyone using this system
expressly *
* consents to such monitoring. Your continued access, if
unauthorized, *
* may result in criminal and/or civil proceedings.
*
************************************************** **************************
^C
!
line con 0
location Welcome to the cisco Gateway
exec-timeout 60 0
privilege level 3
notify
transport preferred none
escape-character 3
line aux 0
exec-timeout 60 0
privilege level 3
modem Dialin
notify
transport input all
line vty 0 3
exec-timeout 60 0
privilege level 3
length 23
width 0
notify
transport preferred none
escape-character 3
line vty 4
access-class 3 in
exec-timeout 60 0
privilege level 3
length 23
width 0
notify
transport preferred none
escape-character 3
!
ntp clock-period 17179764
ntp server 1.1.1.201 source Ethernet0/0
end
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Latency of copper vs latency of fibre? anon6111@hotmail.com Cisco 2 06-19-2006 01:09 AM
High latency when idle, low latency when passing traffic Mark Williams Cisco 2 04-25-2006 07:19 AM
Bandwidth affected by latency Frank Cisco 4 11-23-2005 03:26 AM
1 Frame per second frame capture rate Don and Liz Campbell Digital Photography 4 03-25-2005 02:47 PM
Big latency on CISCO 7200 ATM circuit Raymond Jimenez Cisco 3 12-16-2003 03:51 AM



Advertisments