Frame interface bandwidth creating latency in second circuit

Discussion in 'Cisco' started by John Kinsella, Nov 22, 2003.

  1. Hey guys - got a stumper I've been trying to debug for a few months.
    Current setup follows, I wanna get to the point and not bore too many:

    When the (864k) Frame circuit gets maxed out, latency (measured with
    traceroute) for natted users on the T1 circuit goes from 20ms for
    first hop to over a second. During this same time, there is no
    noticable latency difference for machines that have static IPs on the
    second T1. NAT is accomplished via route-maps.

    So, interesting part is, if I shut/no shut the frame circuit, latency
    on the t1 disappears for a period of time (varies from short to long,
    I suspect depending on the level of bandwidth on the frame circuit).

    I'm guessing this has something to do with either a bug in the version
    of IOS I'm running, or how my route-map stuff is setup. Anybody have
    any clues? This one's worth a few beers to me. :)

    I've got the following setup currently:

    Cisco 3600 with 3 active interfaces:
    eth 0/0 - duh
    ser 0/0 - frame encapsulated t1
    ser 0/0.1 - Virtual frame circuit to ISP
    ser 0/1 - full T1 to a different ISP

    Running IP NAT out over both interfaces with route maps

    running-config, with IPs obfuscated and passwords removed:

    Current configuration : 10742 bytes
    !
    ! Last configuration change at 17:01:04 utc Fri Nov 21 2003
    ! NVRAM config last updated at 14:30:25 utc Thu Oct 16 2003
    !
    version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    service linenumber
    !
    hostname router
    !
    logging buffered 4096 informational
    aaa new-model
    aaa authentication login default line
    aaa authorization exec default none
    !
    !
    !
    !
    !
    clock timezone utc -7
    ip subnet-zero
    no ip source-route
    ip name-server 1.1.1.201
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0/0
    description Connection to office LAN
    ip address 1.1.1.1 255.255.255.0
    ip access-group 100 in
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip policy route-map full-t1
    !
    interface Serial0/0
    no ip address
    encapsulation frame-relay IETF
    service-module t1 timeslots 1-12
    no frame-relay inverse-arp
    frame-relay lmi-type ansi
    !
    interface Serial0/0.1 point-to-point
    ip address 1.3.1.2 255.255.255.252
    ip access-group 10 in
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    no cdp enable
    frame-relay interface-dlci 500
    !
    interface Ethernet0/1
    no ip address
    ip access-group 100 in
    shutdown
    !
    interface Serial0/1
    ip address 1.2.1.38 255.255.255.252
    ip access-group 167 in
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    fair-queue
    serial restart-delay 0
    !
    interface Serial1/0
    no ip address
    ip nat outside
    shutdown
    no fair-queue
    serial restart-delay 0
    !
    interface Serial1/1
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial1/2
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial1/3
    no ip address
    shutdown
    serial restart-delay 0
    !
    ip nat pool FRAMENAT 1.3.1.162 1.3.1.163 netmask 255.255.255.240
    ip nat pool TEENAT 1.2.1.225 1.2.1.226 netmask 255.255.255.224
    ip nat inside source list 1 pool FRAMENAT overload
    ip nat inside source route-map frame-map pool FRAMENAT overload
    ip nat inside source static 1.1.1.12 1.2.1.234
    ip nat inside source static 1.1.1.203 1.2.1.230
    ip nat inside source static 1.1.1.199 1.2.1.233
    ip nat inside source static 1.1.1.17 1.2.1.240
    ip nat inside source static 1.1.1.227 1.2.1.250
    ip nat inside source static 1.1.1.228 1.2.1.228
    ip nat inside source static 1.1.1.7 1.2.1.227
    ip nat inside source static 1.1.1.233 1.2.1.236
    ip nat inside source static 1.1.1.201 1.2.1.237
    ip nat inside source static 1.1.1.217 1.2.1.229
    ip nat inside source static 1.1.1.9 1.3.1.175
    ip nat inside source static 1.1.1.2 1.3.1.170
    ip nat inside source static 1.1.1.3 1.3.1.171
    ip nat inside source static 1.1.1.10 1.3.1.172
    ip nat inside source static 1.1.1.14 1.3.1.167
    ip nat inside source static 1.1.1.15 1.3.1.168
    ip nat inside source static 1.1.1.226 1.3.1.169
    ip nat inside source static 1.1.1.194 1.3.1.161
    ip nat inside source static 1.1.1.205 1.2.1.231
    ip nat inside source static 1.1.1.204 1.2.1.232
    ip nat inside source static 1.1.1.238 1.2.1.238
    no ip classless
    ip route 0.0.0.0 0.0.0.0 1.3.1.1
    ip route 1.2.1.0 255.255.255.0 Serial0/1
    ip route 1.2.1.0 255.255.255.0 Serial0/1
    no ip http server
    !
    logging 1.1.1.201
    access-list 1 deny 1.1.1.9
    access-list 1 deny 1.1.1.10
    access-list 1 deny 1.1.1.15
    access-list 1 deny 1.1.1.14
    access-list 1 deny 1.1.1.3
    access-list 1 deny 1.1.1.2
    access-list 1 deny 1.1.1.226
    access-list 1 deny 1.1.1.194
    access-list 1 permit 1.1.1.0 0.0.0.255
    access-list 100 deny 53 any any log-input
    access-list 100 deny 55 any any log-input
    access-list 100 deny 77 any any log-input
    access-list 100 deny pim any any log-input
    access-list 100 permit ip any any
    access-list 167 deny 53 any any log-input
    access-list 167 deny 55 any any log-input
    access-list 167 deny 77 any any log-input
    access-list 167 deny pim any any log-input
    access-list 167 permit tcp 1.4.1.0 0.0.0.255 host 1.3.1.170 eq 139
    access-list 167 permit tcp 1.4.1.0 0.0.0.255 host 1.3.1.170 eq 135
    access-list 167 permit tcp host 1.5.1.1 host 1.3.1.170 eq 139
    access-list 167 permit tcp host 1.5.1.1 host 1.3.1.170 eq 135
    access-list 167 permit tcp host 1.8.1.102 host 1.3.1.170 eq 139
    access-list 167 permit tcp host 1.8.1.102 host 1.3.1.170 eq 135
    access-list 167 deny tcp any any eq 139 log-input
    access-list 167 deny udp any any eq netbios-ss log-input
    access-list 167 deny tcp any any eq 445 log-input
    access-list 167 deny udp any any eq 445 log-input
    access-list 167 deny tcp any any eq sunrpc log-input
    access-list 167 deny tcp any any eq 135 log-input
    access-list 167 deny udp any any eq 135 log-input
    access-list 167 deny tcp any any eq 143 log-input
    access-list 167 deny tcp any any eq 389 log-input
    access-list 167 deny tcp any any eq 563 log-input
    access-list 167 deny tcp any any eq 593 log-input
    access-list 167 deny tcp any any eq 636 log-input
    access-list 167 deny tcp any any eq 1031 log-input
    access-list 167 deny tcp any any eq 1248 log-input
    access-list 167 deny tcp any any eq 5800 log-input
    access-list 167 deny tcp any any eq 5900 log-input
    access-list 167 permit tcp any any
    access-list 167 permit udp any any
    access-list 167 permit icmp 1.4.1.0 0.0.0.255 any log-input
    access-list 167 permit icmp 1.2.1.0 0.0.0.255 any log-input
    access-list 167 permit icmp 1.7.1 0.0.0.255 any log-input
    access-list 167 permit icmp 1.8.1.0 0.0.0.255 any log-input
    access-list 167 permit icmp any any ttl-exceeded log-input
    access-list 167 deny icmp any any log-input
    access-list 190 permit ip host 1.1.1.2 any
    access-list 190 permit ip host 1.1.1.3 any
    access-list 190 permit ip host 1.1.1.9 any
    access-list 190 permit ip host 1.1.1.10 any
    access-list 190 permit ip host 1.1.1.14 any
    access-list 190 permit ip host 1.1.1.15 any
    access-list 190 permit ip host 1.1.1.194 any
    access-list 190 permit ip host 1.1.1.226 any
    route-map frame-map permit 10
    match ip address 190
    !
    route-map full-t1 permit 10
    match ip address 190
    set ip default next-hop 1.3.1.49
    !
    route-map full-t1 permit 20
    match ip address 1
    set ip default next-hop 1.2.1.37
    !
    route-map new-full-t1 permit 30
    match ip address
    !
    banner motd ^C
    ****************************************************************************
    * This is a private computer/communication facility. Access to it for
    any *
    * reason must be specifically authorized. System personnel will/may
    *
    * monitor for unauthorized activity. Anyone using this system
    expressly *
    * consents to such monitoring. Your continued access, if
    unauthorized, *
    * may result in criminal and/or civil proceedings.
    *
    ****************************************************************************
    ^C
    !
    line con 0
    location Welcome to the cisco Gateway
    exec-timeout 60 0
    privilege level 3
    notify
    transport preferred none
    escape-character 3
    line aux 0
    exec-timeout 60 0
    privilege level 3
    modem Dialin
    notify
    transport input all
    line vty 0 3
    exec-timeout 60 0
    privilege level 3
    length 23
    width 0
    notify
    transport preferred none
    escape-character 3
    line vty 4
    access-class 3 in
    exec-timeout 60 0
    privilege level 3
    length 23
    width 0
    notify
    transport preferred none
    escape-character 3
    !
    ntp clock-period 17179764
    ntp server 1.1.1.201 source Ethernet0/0
    end
     
    John Kinsella, Nov 22, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raymond Jimenez

    Big latency on CISCO 7200 ATM circuit

    Raymond Jimenez, Dec 15, 2003, in forum: Cisco
    Replies:
    3
    Views:
    717
    Mike Gallagher
    Dec 16, 2003
  2. Frank
    Replies:
    4
    Views:
    2,465
    thrill5
    Nov 23, 2005
  3. Mark Williams
    Replies:
    2
    Views:
    819
    clubfoot
    Apr 25, 2006
  4. Replies:
    2
    Views:
    8,893
    Michael Newbery
    Jun 19, 2006
  5. Don and Liz Campbell

    1 Frame per second frame capture rate

    Don and Liz Campbell, Mar 24, 2005, in forum: Digital Photography
    Replies:
    4
    Views:
    369
Loading...

Share This Page