HI, I have many 1760 routers with built in VPN module, but this router special, soon after WAN link upgrade from 2Mbps to 4Mbps it start hanging when wan link utilisation goes high, we change the hardware, means swap the router with a another similar model. This one with 3 P2P IPSEC tunnels , most of the CPU taken by encrypt process, so I down graded the encryption to DES as a workaround. But still when WAN link goes high router hangs.
Any one with any good suggesions pls, I attach the tech-support for review
I did find a problem but I'm not sure if this would cause any router to hang.
Your WAN facing interface is running at 100/Half Duplex.
It seems the device connected to you (PE device) is hardcoding its speed and duplex and you are using auto/auto.
This can degrade your internet connection and the collision count on the interface is quite high.
When the router hangs, do you have to reboot? Does traffic still flows through it? Can you SSH to it?
BTW, here is the output from your WAN interface:
FastEthernet0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0017.e035.7398 (bia 0017.e035.7398)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:53, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 541000 bits/sec, 73 packets/sec
5 minute output rate 239000 bits/sec, 65 packets/sec
645542 packets input, 498529983 bytes, 0 no buffer
Received 1088 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
572894 packets output, 104513330 bytes, 0 underruns
0 output errors, 3357 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Appreciate all inputs on this matter, what do you think about a Ethernet WAN link traffic load on a router compared with T1 WAN link, my feeling about this would be routers should be abloe to handle larger Ethernet WAN link traffic compared to T1 WAN link.
A router will be able to support higher throughput when the WAN link is Ethernet based as there isn't any serialization from Ethernet to Ethernet.
If your WAN link is Ethernet, your 1760 router should be able to support 4Mbps of traffic 'with' the VPN Module.
I don't have any numbers on the 1760 router 'without' a VPN module as all packets will be processed by the CPU.
My best guess estimate would be getting the process switched number from the following spreadsheet:
Which indicates the router can potentially support 1Mpbs of process switched traffic
With a VPN module, this router is supposed to support 15Mbps, according to this spreadsheet:
My judgement was to upgrade the router to 2821 or higher.
Please follow your judgement.
Errrr ... What "with built in VPN module"? This 1760 doesn't have one. You're running software-based encryption. Although the 1760 can do 8.16mb traffic unencrypted I believe (correct me if I'm wrong) it will have difficulty of 4Mb with software encryption.
Your 1760 router has a WIC-4ESW and PVDM but no VPN module.