Cisco Forum — Allgemein

RolfW · 22.12.2011, 10:22

Liebes Forum,

wir haben in einer Außenstelle ein kleines Problem mit den Antwortzeiten.
Sobald wir z.B. eine Remoteverbindung zu einem Client aufbauen, schwanken diese zwischen 100-800ms. Im Normalfall schwankt dies zwischen 60-80ms.

Folgende Struktur:

Standort Firma:
- 2 ISP Anbieter mit jeweils 10MBit
- 2 Cisco 2800 Router (VPN Router) mit IOS Version 12.4(9)T5

Standort Außenstelle:
- VPN 836/876 Router in diesem Fall IOS Version 12.4(15)T10
- 1 Cisco C2960 mit IOS Version 12.2(25)SEE2

Die DSL Business Leitung soll laut Telekom in Ordnung sein.

Anbei der Output:

Code:

VPN_Aachen#sh dsl int atm 0
ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex B
ITU STD NUM:     0x03                            0x1
Vendor ID:       'STMI'                          'IFTN'
Vendor Specific: 0x0000                          0x71B8
Vendor Country:  0x0F                            0xB5
Chip ID:         C196 (0)
DFE BOM:         DFE3.0 Annex B (2)
Capacity Used:   77%                             61%
Noise Margin:    13.5 dB                         19.0 dB
Output Power:    13.0 dBm                        10.0 dBm
Attenuation:     13.0 dB                          6.0 dB
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x52
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00 (UR2)
Interrupts:      12378 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded
FW Version:      3.0.14

                 Interleave             Fast    Interleave              Fast
Speed (kbps):          6656                0           640                 0
Cells:              2303410                0      10542259                 0
Reed-Solomon EC:          0                0             0                 0
CRC Errors:               0                0             0                 0
Header Errors:            0                0             0                 0
Total BER:                0E-0           0E-0
Leakage Average BER:      0E-0           0E-0
                        ATU-R (DS)      ATU-C (US)
Bitswap:               enabled            enabled
Bitswap success:          0                   0
Bitswap failure:          0                   0

LOM Monitoring : Disabled


DMT Bits Per Bin
000: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
010: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
020: 0 6 7 7 8 8 8 8 8 8 8 9 9 9 9 9
030: 9 8 8 8 8 7 6 6 6 5 5 5 4 4 5 6
040: 7 9 9 A A B B B B C B B C B C B
050: B B B B B B B B B B C B B B B B
060: 0 B B B B B B B B B B B B B B B
070: B B B B 2 B B B B B B B B B B B
080: B B B B B B B B A B A A A B A A
090: A A B A A A A A A A A A A A A A
0A0: A A A A A A A A A A A 9 9 A A A
0B0: 9 A 9 9 A 9 9 9 9 9 9 9 9 9 9 9
0C0: 9 9 9 9 9 9 9 9 9 9 A 9 9 9 9 9
0D0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0E0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0F0: 9 9 9 9 8 9 9 8 9 9 9 8 8 8 8 8

DSL: Training log buffer capability is not enabled

Dies ist allerdings nur 1 von 30 anderen Außenstellen. Die anderen funktionieren Problemlos.

Vielen Dank.

Grüße

Rolf

Wordo · 22.12.2011, 10:26

Hm ... wenn bei wenig Traffic schon so hohe Latenz kommt tipp ich mal auf Duplex mismatch.

RolfW · 22.12.2011, 10:26

Code:

VPN_Aachen#sh run
Building configuration...

Current configuration : 4781 bytes
!
! Last configuration change at 08:38:24 MET Thu Dec 22 2011 by vpn
! NVRAM config last updated at 08:39:12 MET Thu Dec 22 2011 by vpn
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname VPN_XXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200

!
no aaa new-model
clock timezone MET 1
clock summer-time MESZ recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-850411496
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-850411496
 revocation-check none
 rsakeypair TP-self-signed-850411496
!
!
dot11 syslog
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
!
!
no ip domain lookup
ip domain name domain.local
!
multilink bundle-name authenticated
isdn switch-type basic-net3
!
!
crypto isakmp keepalive 20 8 periodic
!
!
!
!
!
crypto ipsec client ezvpn crws-client
 connect auto
 group GROUP key 6 KEY
 mode network-extension
 peer 11.11.11.11 default
 peer 12.12.12.12
 idletime 600
 xauth userid mode interactive
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip tftp source-interface Vlan1
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn switch-type basic-net3
 isdn point-to-point-setup
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 1/32
  oam-pvc 0
  pppoe-client dial-pool-number 1
 !

RolfW · 22.12.2011, 10:27

Code:

!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description VPN_XXX
 ip address 10.10.10.10 255.255.255.240
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1380
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1380
 ip policy route-map clear-df-bit-map
 crypto ipsec client ezvpn crws-client inside
!
interface Dialer0
 description $FW_INSIDE$
 mtu 1400
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname t-online-com/X9X@t-online-com.de
 ppp chap password 7 111
 ppp pap sent-username t-online-com/X9X@t-online-com.de password 7 111
 ppp ipcp dns request
 ppp ipcp wins request
 crypto ipsec client ezvpn crws-client
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip access-list extended clear-df-bit
 permit tcp any any
!
trap debugging
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map clear-df-bit-map permit 10
 match ip address clear-df-bit
 set ip df 0
!
!
control-plane
!
banner login ^CCCC
-----------------------------------------------------------------------
This Router is private property of XXX
If you have access please disconnect and contact our hotline
xxx
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
 transport output telnet
 stopbits 1
line aux 0
 login local
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 length 0
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17182592
ntp server 213.133.98.226
end

RolfW · 22.12.2011, 10:29

Zitat von Wordo

Hm ... wenn bei wenig Traffic schon so hohe Latenz kommt tipp ich mal auf Duplex mismatch.

Hallo,

die Latenzzeiten von 60ms sind bei uns leider "standard" :-/
Zum Teil kann es vorkommen, das ein PING ganz verloren geht...

Grüße

Rolf

Wordo · 22.12.2011, 10:36

Zitat von R.Wolff

.
Sobald wir z.B. eine Remoteverbindung zu einem Client aufbauen, schwanken diese zwischen 100-800ms.

Es war darauf bezogen. Check mal IF Status ob irgendwo HD laeuft ...

RolfW · 22.12.2011, 10:45

Also auf dem Außenstellenrouter und Switch sieht es "gut" aus:

Code:

VPN_XXX#sh interfaces status

Port    Name               Status       Vlan       Duplex Speed Type
Fa0                        connected    1          a-full   a-100 10/100BaseTX
Fa1                        connected    1          a-full   a-100 10/100BaseTX
Fa2                        connected    1          a-full   a-100 10/100BaseTX
Fa3                        notconnect   1            auto    auto 10/100BaseTX

Code:

DV_XXX#show int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   1            auto   auto 10/100BaseTX
Fa0/2     kasse-m01-XXX    connected    1          a-full  a-100 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        connected    1          a-full  a-100 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Fa0/9                        notconnect   1            auto   auto 10/100BaseTX
Fa0/10                       notconnect   1            auto   auto 10/100BaseTX
Fa0/11                       notconnect   1            auto   auto 10/100BaseTX
Fa0/12                       notconnect   1            auto   auto 10/100BaseTX
Fa0/13                       notconnect   1            auto   auto 10/100BaseTX
Fa0/14                       notconnect   1            auto   auto 10/100BaseTX
Fa0/15                       notconnect   1            auto   auto 10/100BaseTX
Fa0/16                       connected    1          a-full  a-100 10/100BaseTX
Fa0/17                       notconnect   1            auto   auto 10/100BaseTX
Fa0/18                       notconnect   1            auto   auto 10/100BaseTX
Fa0/19                       connected    1          a-full  a-100 10/100BaseTX
Fa0/20                       notconnect   1            auto   auto 10/100BaseTX
Fa0/21                       notconnect   1            auto   auto 10/100BaseTX
Fa0/22                       notconnect   1            auto   auto 10/100BaseTX
Fa0/23                       notconnect   1            auto   auto 10/100BaseTX
Fa0/24                       connected    1          a-full  a-100 10/100BaseTX
Gi0/1                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/2                        notconnect   1            auto   auto 10/100/1000BaseTX

Grüße

Rolf

Wordo · 22.12.2011, 10:51

Und die Ports auf dem VPN Router?

RolfW · 22.12.2011, 10:53

Zitat von Wordo

Und die Ports auf dem VPN Router?

Der ist im ersten Post. Oder meinst die 2800er?

Wir haben nun soagr mal einen PC im Router eingesteckt. Brachte kein Erfolg auf Besserung.

Anbei noch die Counters des INterfaces auf dem VPN Router:

Code:

VPN_XXX#sh int fa0
FastEthernet0 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0027.0d0d.9885 (bia 0027.0d0d.9885)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 77000 bits/sec, 1 packets/sec
     42280 packets input, 9126898 bytes, 0 no buffer
     Received 81 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     41940 packets output, 18846651 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     229 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
VPN_Aachen#sh int fa1
FastEthernet1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0027.0d0d.9886 (bia 0027.0d0d.9886)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 01:15:44, output never, output hang never
  Last clearing of "show interface" counters 02:24:21
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     111652 packets input, 22676444 bytes, 0 no buffer
     Received 149 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     118891 packets output, 80642186 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     209 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Was mir hier auffällt sind die "drops"

Wordo · 22.12.2011, 10:58

Steigen die wenn du ne Verbindung initiierst?

Cisco Forum — Allgemein

Cisco Forum: Alles zum Thema CISCO Zertifizierungen CCNA, CCNP, CCSP, CCIE etc. — Q & A zum Thema CISCO Router, Switches und Firewalls