Bandwidth control with Cisco 3550?

Discussion in 'Cisco' started by Jon Nicoll, Sep 3, 2004.

  1. Jon Nicoll

    Jon Nicoll Guest

    Hi all

    I hope someone can help me with this problem:

    Hosts A, B and C are connected via a cisco 3550 with IOS 12.1 all
    configured to 100M full duplex.

    +--------+   +--------+
    | Host A |   | Host B |
    +----+---+   +----+---+
         |            |
         |            |
         |<---ICMP--->|
         |            |
         |fe          |fe
    +----+------------+---+
    |Cisco 3550           |
    +----+----------------+
         |fe
         |
      ^  |
      |  |
      |  |
     ESP |
    +--------+
    | Host C |
    +--------+



    Host C sends high levels of traffic to Hosts A and B. Using the
    standard configuration, when Host C sends high levels of traffic to A
    or B they cannot communicate with each other reliably because the MACs
    on A or B drop a small percentage of packets. However, for our
    application hosts A and B MUST communicate reliably.

    Is there any way to make sure that the ports that Host A and B are
    connected to are not flooded by C? Could port C have its bandwidth
    restricted somehow?

    The traffic between A and B is ICMP.
    The traffic from C to A or B is ESP.


    Thanks for your thoughts
    Jon N
     
    Jon Nicoll, Sep 3, 2004
    #1

  2. Jon Nicoll

    mh Guest

    connect them with a direct back-to-back link on separate NICs
     
    mh, Sep 3, 2004
    #2

  3. Jon Nicoll

    Scooby Guest

    "Jon Nicoll" <9.co.uk> wrote in message
    news:...
    > Hi all
    >
    > I hope someone can help me with this problem:
    >
    > Hosts A, B and C are connected via a cisco 3550 with IOS 12.1 all
    > configured to 100M full duplex.
    >
    > +--------+   +--------+
    > | Host A |   | Host B |
    > +----+---+   +----+---+
    >      |            |
    >      |            |
    >      |<---ICMP--->|
    >      |            |
    >      |fe          |fe
    > +----+------------+---+
    > |Cisco 3550           |
    > +----+----------------+
    >      |fe
    >      |
    >   ^  |
    >   |  |
    >   |  |
    >  ESP |
    > +--------+
    > | Host C |
    > +--------+
    >
    >
    >
    > Host C sends high levels of traffic to Hosts A and B. Using the
    > standard configuration, when Host C sends high levels of traffic to A
    > or B they cannot communicate with each other reliably because the MACs
    > on A or B drop a small percentage of packets. However, for our
    > application hosts A and B MUST communicate reliably.
    >
    > Is there any way to make sure that the ports that Host A and B are
    > connected to are not flooded by C? Could port C have its bandwidth
    > restricted somehow?
    >
    > The traffic between A and B is ICMP.
    > The traffic from C to A or B is ESP.
    >
    >
    > Thanks for your thoughts
    > Jon N



    You can use QOS and prioritize/queue the packets as you need. The 3550
    supports weighted round robin.
     
    Scooby, Sep 3, 2004
    #3
  4. Jon Nicoll

    AnyBody43 Guest

    "Scooby" <> wrote in message news:<V06_c.3879$>...
    > "Jon Nicoll" <9.co.uk> wrote in message
    > news:...
    > > Hi all
    > >
    > > I hope someone can help me with this problem:
    > >
    > > Hosts A, B and C are connected via a cisco 3550 with IOS 12.1 all
    > > configured to 100M full duplex.
    > >
    > > +--------+   +--------+
    > > | Host A |   | Host B |
    > > +----+---+   +----+---+
    > >      |            |
    > >      |            |
    > >      |<---ICMP--->|
    > >      |            |
    > >      |fe          |fe
    > > +----+------------+---+
    > > |Cisco 3550           |
    > > +----+----------------+
    > >      |fe
    > >      |
    > >   ^  |
    > >   |  |
    > >   |  |
    > >  ESP |
    > > +--------+
    > > | Host C |
    > > +--------+
    > >
    > >
    > >
    > > Host C sends high levels of traffic to Hosts A and B. Using the
    > > standard configuration, when Host C sends high levels of traffic to A
    > > or B they cannot communicate with each other reliably because the MACs
    > > on A or B drop a small percentage of packets.


    This would be quite unusual. Along with "100M full duplex" I would
    check that you do not have any duplex mismatches.
    Unless you are a networking wizard start with auto/auto on
    everything and then consider changing if errors or "late collisions"
    are reported on the switch ports. Collisions are OK.


    In this type of configuration the ports should have effectively
    zero errors. Much less than 1 in a million.

    Here is a high utilisation FE port on our LAN. Just the first one
    I saw with big numbers.

    1063108417 packets input, 1614243572 bytes
    Received 74100 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 0 multicast
    0 input packets with dribble condition detected
    397500520 packets output, 3821698859 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred

    ZERO errors in 1,063,108,417 packets.

    This is typical of current ethernets.

    "the MACs on A or B drop a small percentage of packets"

    What do you mean? Exactly:)


    If you really are filling up 100Mbps FD then as suggested already,
    use a separate network (a crossover cable?) for the host A to
    host B comms, use QoS, or upgrade to GBE.


    > > However, for our
    > > application hosts A and B MUST communicate reliably.
    > >
    > > Is there any way to make sure that the ports that Host A and B are
    > > connected to are not flooded by C? Could port C have its bandwidth
    > > restricted somehow?
     
    AnyBody43, Sep 4, 2004
    #4
  5. Jon Nicoll

    Jon Nicoll Guest

    Hi there

    Thanks for your comments. As is often the case, my first posting
    only gave the broad outline. Here are some more details to explain why
    so many packets are dropped.

    Hosts A, B and C are IP encryptors. Unencrypted IP packets are
    encrypted and tunnelled in an ESP packet. This introduces a
    considerable overhead.

    With short packets the encrypted side becomes saturated when the
    unencrypted side reaches around 69% loading. At host A the combined
    load of the ESP packets from host C and the ICMP packets from Host B
    mean that ESPs and ICMPs are indiscriminately dropped.

    If I can somehow throttle host C this would stop this problem.

    Here is an enhanced diagram to illustrate the situation

              Unencrypted  Unencrypted
                IP(ESP)      IP(ESP)
                   |            |
                   |            |
                   V            V
               +--------+   +--------+
               | Host A |   | Host B |
               +----+---+   +----+---+
    Encrypted       |            |  Encrypted
     IP(ESP)        |            |   IP(ESP)
        |           |            |      |
        |           |<---ICMP--->|      |
        V           |            |      V
                    |fe          |fe
               +----+------------+---+
               |Cisco 3550           |
               +----+----------------+
                    |fe
                    |
        ^           |
        |           |
    Encrypted       |
     IP(ESP)        |
                +---+----+
                | Host C |
                +--------+
                    ^
                    |
               Unencrypted
                 IP(ESP)



    Any more thoughts?

    Thanks
    Jon N
     
    Jon Nicoll, Sep 6, 2004
    #5
  6. Jon Nicoll

    mh Guest

    Then you may need to look at:
    1) external hardware encryptors that can keep up with the traffic
    2) depending on your host environment use NICs that have encryption co-processors
    3) host hardware upgrade to systems that can keep up with the traffic volume
     
    mh, Sep 6, 2004
    #6
  7. Jon Nicoll

    Ben Guest

    Simple to limit host C, just set up policing on the port. The 3550 has quite a
    lot of QoS capability.
    Even if there are other hosts using the same port you can match host C with
    a MAC access list.


    "Jon Nicoll" <9.co.uk> wrote in message
    news:...
    > Hi there
    >
    > Thanks for your comments. As is often the case, my first posting
    > only gave the broad outline. Here are some more details to explain why
    > so many packets are dropped.
    >
    > Hosts A, B and C are IP encryptors. Unencrypted IP packets are
    > encrypted and tunnelled in an ESP packet. This introduces a
    > considerable overhead.
    >
    > With short packets the encrypted side becomes saturated when the
    > unencrypted side reaches around 69% loading. At host A the combined
    > load of the ESP packets from host C and the ICMP packets from Host B
    > mean that ESPs and ICMPs are indiscriminately dropped.
    >
    > If I can somehow throttle host C this would stop this problem.
    >
    > Here is an enhanced diagram to illustrate the situation
    >
    >           Unencrypted  Unencrypted
    >             IP(ESP)      IP(ESP)
    >                |            |
    >                |            |
    >                V            V
    >            +--------+   +--------+
    >            | Host A |   | Host B |
    >            +----+---+   +----+---+
    > Encrypted       |            |  Encrypted
    >  IP(ESP)        |            |   IP(ESP)
    >     |           |            |      |
    >     |           |<---ICMP--->|      |
    >     V           |            |      V
    >                 |fe          |fe
    >            +----+------------+---+
    >            |Cisco 3550           |
    >            +----+----------------+
    >                 |fe
    >                 |
    >     ^           |
    >     |           |
    > Encrypted       |
    >  IP(ESP)        |
    >             +---+----+
    >             | Host C |
    >             +--------+
    >                 ^
    >                 |
    >            Unencrypted
    >              IP(ESP)
    >
    >
    >
    > Any more thoughts?
    >
    > Thanks
    > Jon N
     
    Ben, Sep 11, 2004
    #7
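
The ingress policing suggested in the last reply could look like the sketch below. This is an added example, not configuration posted by anyone in the thread. It classifies with an IP access list matching ESP from host C's address rather than the MAC access list mentioned in the post. The interface number, host address, object names, rate and burst are placeholders to be replaced with measured values.

```cisco
! Added example. 192.0.2.30, FastEthernet0/3, the names and the
! rate/burst values are placeholders, not taken from the thread.
!
! QoS must be enabled globally before policers take effect.
mls qos
!
! Match only ESP (IP protocol 50) sourced from host C, so ICMP and
! any other traffic entering the same port is left unpoliced.
ip access-list extended ESP-FROM-C
 permit esp host 192.0.2.30 any
!
class-map match-all HOST-C-ESP
 match access-group name ESP-FROM-C
!
! police <rate in bit/s> <burst in bytes>; traffic above the rate is
! dropped at ingress, before it can congest the egress ports to A and B.
policy-map LIMIT-HOST-C
 class HOST-C-ESP
  police 60000000 16000 exceed-action drop
!
interface FastEthernet0/3
 description Host C (encrypted side)
 service-policy input LIMIT-HOST-C
```

`show policy-map LIMIT-HOST-C` and `show mls qos interface FastEthernet0/3` show what is configured and attached; the policed rate has to leave enough headroom on the ports to A and B for the ICMP traffic between them.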