Cisco 2621 Slows Down Over Time...

 
 
Eric Swartz
12-01-2003
Help! We have a Cisco 2621 (attached is the configuration) that slows
down over time... to the point where the only solution is to reboot
the router. We're doing some filtering to the outside, and we're
routing two subnets through the LAN ports, both to each other and to
the serial port (our T1 connection to the internet).

We need to figure out if we're trying to do too much w/ this router,
or if it's our configuration. Naturally, we didn't have this problem
until we started filtering. Using this device to route the subnets
could be adding to the problem, but we were having the slow down
issues before we subnetted the network.

We don't seem to be running out of memory as the slow down occurs even
when we still have almost 50% free memory. We do have multiple people
being routed to an internal VPN server (as shown in the
configuration), but even without them connected it seems there's
enough internet traffic going on to slow things down over time as
well.

Any help would be appreciated. We don't want to go spending $1K's on a
faster router when all it'll do is extend the amount of time before a
slow down.

Thx,

Eric Swartz

Configuration Follows:

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname 2621R
!
logging buffered 4096 debugging
enable secret 5 $1$BeaA$qtuzsXAFQPlr62DhijcP4.
!
!
!
!
!
ip subnet-zero
no ip source-route
ip name-server 216.68.1.100
!
ip audit notify log
ip audit po max-events 100
ip reflexive-list timeout 60
isdn switch-type basic-ni
!
!
!
interface FastEthernet0/0
description connected to EthernetLAN
ip address 10.92.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
interface BRI0/0
no ip address
shutdown
isdn switch-type basic-ni
no cdp enable
!
interface Serial0/0
description connected to Internet
ip address 66.161.130.2 255.255.255.252
ip access-group inbound in
ip access-group outbound out
ip nat outside
fair-queue
no cdp enable
!
interface FastEthernet0/1
ip address 10.92.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
ip nat pool 2621R-nat 66.161.226.34 66.161.226.34 netmask 255.255.255.224
ip nat inside source list 1 pool 2621R-nat overload
ip nat inside source static 10.92.0.2 66.161.226.60
ip nat inside source static 10.92.0.8 66.161.226.62
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
!
ip access-list extended inbound
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit tcp any any established
permit tcp any host 66.161.226.60 eq smtp
permit tcp any host 66.161.226.60 eq pop3
permit tcp any host 66.161.226.60 eq 143
permit tcp any host 66.161.226.62 eq www
permit tcp any host 66.161.226.62 eq 1723
permit gre any any
evaluate outfilter
ip access-list extended outbound
permit tcp host 66.161.226.60 any gt 1023 established
permit tcp host 66.161.226.62 any gt 1023 established
permit tcp any any eq www
permit tcp any any eq smtp
permit tcp any any eq ftp reflect outfilter
permit tcp any any eq ftp-data reflect outfilter
permit udp any any eq domain reflect outfilter
permit tcp any any eq domain reflect outfilter
permit tcp any any eq pop3
permit tcp any any eq 443
permit tcp any any eq 445
permit tcp any any eq 1494
permit tcp any any eq 1723
permit tcp any any eq 1863
permit tcp any any eq 1996
permit tcp any any eq 1997
permit tcp any any eq 5900
permit gre any any
access-list 1 permit 10.92.0.0 0.0.255.255
no cdp run
banner motd ^CUnauthorized Access is Prohibited!!!^C
!
line con 0
exec-timeout 0 0
password 7 105C08171618
login
transport input none
line aux 0
line vty 0 4
password 7 105C08171618
login
!
ntp clock-period 17180313
ntp server 192.5.41.209 source Serial0/0
end
 
ERP
12-01-2003
Slowing down is kind of vague, but here are some things to try. The router
should be OK unless you are sending a massive amount of traffic through it.
Do a "sh proc cpu" and look to see what processes are using the most CPU.
If you have a very high IP Input, make sure you don't have a worm infecting
your network. We had the Welchia worm on some of our PCs and it tries to
connect to internet addresses. A few infected PCs were sending over 2 mg per
sec. of traffic to the internet and would eventually crash the router.
If you don't have a worm, try turning on CEF with the "ip cef" command. It's
much better than process switched.
If you don't have a worm and you still have a lot of input traffic, turn on
NetFlow switching.
Under the interface, type "ip route-cache flow",
then do a "sh ip cache flow".
This will give you a breakdown of traffic per protocol. If you do have a
shortage of capacity you could try some priority queuing / class of service
type stuff.
I am typing the commands above from memory so the syntax may not be exact,
but pretty close.



 
Eric Swartz
12-02-2003
Thanks! What you just explained is exactly what I was looking for.
I'm not a Cisco expert by any stretch of the imagination, so adding
"ip route-cache flow" to the configuration and then running "sh ip
cache flow" allowed me to find a couple machines we had just recently
imaged (with an older image not yet patched) that had the Nachi worm.

Another connected their laptop to the network and the cpu utilization
skyrocketed... sure enough I tracked him down too.

Now if I can find some software to help me monitor this real time (or
semi-real time) I'll be set.

Thanks again for your help!

Eric
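
Added example, not part of the original posts: a small Python script that does the triage described above on saved "sh ip cache flow" output, ranking inside hosts by how many distinct destinations they talk to, which is how a scanning worm stands out. It assumes the usual per-flow table layout (Pr, SrcP and DstP in hex, Pkts as a plain decimal); the 25-destination threshold and the sample hosts are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Inside range from "access-list 1 permit 10.92.0.0 0.0.255.255" in the posted config.
INSIDE = ipaddress.ip_network("10.92.0.0/16")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
# Flow record: SrcIf SrcIP DstIf DstIP Pr SrcP DstP Pkts (Pr, SrcP, DstP in hex).
FLOW_RE = re.compile(
    r"^\S+\s+(\d+(?:\.\d+){3})\s+\S+\s+(\d+(?:\.\d+){3})\s+"
    r"([0-9A-Fa-f]{2})\s+[0-9A-Fa-f]{4}\s+([0-9A-Fa-f]{4})\s+(\d+)\s*$")

def fan_out(text):
    """Per inside source: distinct destinations, packets, (proto, dst port) counts."""
    hosts = defaultdict(lambda: {"dsts": set(), "pkts": 0, "svc": Counter()})
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # header, protocol summary or blank line
        src, dst, pr, dport, pkts = m.groups()
        if ipaddress.ip_address(src) not in INSIDE:
            continue  # return traffic from the internet side
        h = hosts[src]
        h["dsts"].add(dst)
        h["pkts"] += int(pkts)
        h["svc"][(PROTO.get(int(pr, 16), pr), dport.upper())] += 1
    return hosts

def suspects(text, min_dsts=25):
    """Inside hosts talking to at least min_dsts distinct addresses, worst first."""
    rows = [(src, len(h["dsts"]), h["pkts"], h["svc"].most_common(1)[0][0])
            for src, h in fan_out(text).items() if len(h["dsts"]) >= min_dsts]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample (not router output from the thread): two ordinary clients and
# one host sweeping 40 addresses with ICMP echo (Pr 01, DstP 0800 = type 8, code 0).
SAMPLE = "\n".join(
    ["SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts",
     "Fa0/0         10.92.0.23      Se0/0         192.0.2.10      06 0C2A 0050    12",
     "Fa0/0         10.92.0.23      Se0/0         192.0.2.25      06 0C2B 0019     8",
     "Fa0/1         10.92.1.14      Se0/0         203.0.113.5     11 0402 0035     2",
     "Se0/0         192.0.2.10      Fa0/0         10.92.0.23      06 0050 0C2A    15"]
    + [f"Fa0/1         10.92.1.57      Se0/0         198.51.100.{i:<5} 01 0000 0800     1"
       for i in range(1, 41)])

if __name__ == "__main__":
    for src, dsts, pkts, svc in suspects(SAMPLE):
        print(f"{src}: {dsts} destinations, {pkts} packets, mostly {svc[0]}/{svc[1]}")
```

Run it on output captured at intervals to get the semi-real-time view; a host that keeps appearing with a high destination count and one dominant protocol/port is the one to pull off the network first.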

 