WAN ROUTER SELECTION

avilt · ‎03-06-2008

I have two 2600 series internet routers connected to internet with BGP running. No VPN and only 2 LAN interfaces are in use. I have also implemented ACLs (not IOS firewall) on these routers. Bandwidth utilization is less than 10% of WAN bandwidth but still the router CPU utilization is always close to 100%. I am in the process of acquiring new routers. What model should I select?

Following is the output of show version command

-----------------------------------------ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)

ROM: C2600 Software (C2600-I-M), Version 12.3(19), RELEASE SOFTWARE (fc2)

RT01 uptime is 1 year, 4 weeks, 2 days, 20 hours, 2 minutes

System returned to ROM by reload at 19:19:00 UTC Fri Feb 2 2007

System restarted at 19:49:18 UTC Fri Feb 2 2007

System image file is "flash:c2600-i-mz.123-19.bin"

cisco 2621XM (MPC860P) processor (revision 0x100) with 28672K/4096K bytes of mem

ory.

Processor board ID JAD06350FKW (3438450250)

M860 processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 FastEthernet/IEEE 802.3 interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

I have around 30 ACL entries and I feel ACL's are causing high CPU utilization.

CPU utilization was fine before implementing ACL's.

Thanks

Edison Ortiz · ‎03-08-2008

I'm assuming you are only getting the default route via BGP from your ISP provider. This router won't be able to support partial nor full BGP routes.

If this router was able to keep up until the addition of the ACLs, then a 2800ISR router should be able to give you a boost in performance. A 3800ISR would be a step up but everything is according to how much money you are willing to invest.

Please take a moment and read the configuration specs on both models

2800

http://www.cisco.com/en/US/products/ps5854/index.html

3800

http://www.cisco.com/en/US/products/ps5855/index.html

HTH,

__

Edison.

Joseph W. Doherty · ‎03-08-2008

When you see a busy CPU, you'll want to note the first pair of numbers. If they're close (within several percent), it's likely the router can't process the offered traffic load. If there's a large difference, configuration changes might improve performance.

ACLs can impact performance. Depending on what they're examining, some more than others.

If you can do so logically, it helps to reorder the sequence such that the ACLs are in descending hit count sequence in the list (counts should be seen if you show that access list).

Other features that can help improve performance, if supported and not already active, insure flow cache and CEF are active on all interfaces.

PS:

If you can provide your WAN link's bandwidth, suggestions might be offered of what size you need.

avilt · ‎03-08-2008

My WAN bandwidth is 100Mbps and the utilization is around 1MB. I have already reordered the ACL's for better performance. Many times the router logs the below message

"SYS-3-CPUHOG task ran for 5196 msec process = load meter PC=80499854"

I have a query, if we implement ACL's without logging on the internet router, dont we miss important logs?

Joseph W. Doherty · ‎03-08-2008

"I have a query, if we implement ACL's without logging on the internet router, dont we miss important logs?"

You would, if you consider them important.

Is console logging enabled or disabled?

Is flow cache and CEF active on all interfaces?

Do you have a show cpu snapshot when the router is busy?

Does the WAN link really provide 100 Mbps WAN bandwidth or is the handoff just 100 Mbps Ethernet? (The 2621XM, I believe, is inadequate to maintain 100 Mbps but you should be able to get much more that 1 Mbps. What did you get before adding the ACLs?)

avilt · ‎03-10-2008

console logging is disabled

ip cef is configured.

How do I verify flow cache?

I donot have the "show cpu snapshot" when the cpu goes high.

Bandwidth is just a handoff and the utilization is less than 1mbps.

Thank You

Joseph W. Doherty · ‎03-10-2008

Add ip route-cache flow to each interface.