packet loss Cisco c871

Unanswered Question
Jul 23rd, 2010
User Badges:

We have been trying to diagnose a performance problem and would like to get some comments


We have a 2 Cisco C870 routers connected via an EZVPN tunnel.


The remote site is experiencing performance issues connecting to an application at the main location.  There are no performance issues at the main location.


Ping tests from the remote site to the main location are showing consistant packet loss with different datagram size.  Ping tests to an internet ip are also showing consistant packet loss.


Ping tests from the main location to the remote site also are showing packet loss.  Ping tests to an internet IP show no loss.


Attached is the router config


Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102

rtrlong02#   
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname rtrlong02
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
no logging console
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
dot11 syslog
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
ip domain name lonny.com
login on-failure log
!

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key fTrdXS#12Aw%%6 address 208.125.6.134 no-xauth
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map outside_map 10 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 199
!
archive
log config
  hidekeys
!
interface FastEthernet0
load-interval 30
duplex full
speed 100
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
crypto map outside_map
!
interface Vlan1
ip address 10.64.14.1 255.255.255.0
ip helper-address 10.64.8.12
ip nat inside
ip virtual-reassembly
load-interval 30
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet4 overload
!
ip access-list extended ALLOW-MB-MANAGEMENT
permit tcp 192.168.5.0 0.0.0.255 any
permit tcp 192.168.4.0 0.0.0.255 any
permit tcp host 68.196.122.14 any eq 22
permit tcp host 68.196.124.93 any eq 22
permit tcp host 96.57.106.139 any eq 22
permit tcp host 96.57.106.138 any eq 22
!
access-list 100 deny   ip 10.64.14.0 0.0.0.255 10.64.8.0 0.0.0.255
access-list 100 deny   ip 10.64.14.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny   ip 10.64.14.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 permit ip 10.64.14.0 0.0.0.255 any
access-list 199 permit ip 10.64.14.0 0.0.0.255 10.64.8.0 0.0.0.255
access-list 199 permit ip 10.64.14.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 199 permit ip 10.64.14.0 0.0.0.255 192.168.5.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class ALLOW-MB-MANAGEMENT in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end

rtrlong02#



Thanks in advance

Christopher

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gephelps Mon, 07/26/2010 - 06:51
User Badges:
  • Cisco Employee,

Where are you pinging from and to exactly? For instance at the remote location you stated the

re is packet loss determined by ICMP to the main site and to the internet. Is the ICMP traffic sourced

from the router itself or from a client on the inside network?


Based on your description I would be looking at the interfaces from the source at the remote site all the way to your provider. For instance F0 is statically configured and F4 is not. Are you seeing errors on either interface? Do you have a duplex mismatch?

Christopher Tom... Mon, 07/26/2010 - 07:02
User Badges:

George


The pings are sourced from either the vlan for internal ICMP's remote sight source 10.64.14.1 (VLAN1)  to main office 10.64.8.1 (BVI1)

We are getting good response times but loss of packets in the range of 85%.


We are also pinging Internet sites such as 4.2.2.2 and sourcing from interface f4 which is statically configured with public IP.

We are seeing the same percentage drop.


I did not include the public IP in the configuration.


When we ping a public IP from the main site there is no packet loss and speeds are acceptable

gephelps Mon, 07/26/2010 - 07:18
User Badges:
  • Cisco Employee,

If you are seeing loss from F4 to 4.4.4.2, I would focus there and start from the ground up. Are you seeing errors on the interface for F4? F4 is set to auto negotiate, did it negotiate to half duplex?


Assuming F4 plugs into a cable modem or something, can you disconnect the router and replace it with a laptop temporarily? With the laptop attempting to ping 4.4.4.2 do you see the same loss?

Christopher Tom... Mon, 07/26/2010 - 07:28
User Badges:

George


We are not seeing any sort of errors on the the F4 interface or any of the other interfaces.  We are not seeing any duplex mismatch. Connecting a laptop is still showing packet loss but not as much.  We are currently working with the supplier to see if it may be related to there cable modem.  But as stated we are perplexed by good response time 40 - 100 ms but dropped packets.


Keep the questions coming always good to get another perspective.


Thanks

josephjmg Wed, 04/17/2013 - 15:37
User Badges:

I'd also like to add that I'm having sort of the same problem, but only when under load.


I have a 50mbps connection and used to be able to utilize that no problem. Now, when I hit 30mbps, I get packet loss to the 871w, from it to my servers, and I can't seem to exceed 30mbps anymore.


And yes, bypassing shows 50mbps all day long. Sorry if this is irrelevant to your situation.


EDIT: adding examples


64 bytes from 192.168.0.254: icmp_req=716 ttl=255 time=5.79 ms

64 bytes from 192.168.0.254: icmp_req=717 ttl=255 time=23.7 ms

64 bytes from 192.168.0.254: icmp_req=718 ttl=255 time=17.9 ms

64 bytes from 192.168.0.254: icmp_req=720 ttl=255 time=68.9 ms

64 bytes from 192.168.0.254: icmp_req=721 ttl=255 time=24.5 ms

64 bytes from 192.168.0.254: icmp_req=722 ttl=255 time=164 ms

64 bytes from 192.168.0.254: icmp_req=723 ttl=255 time=10.9 ms

64 bytes from 192.168.0.254: icmp_req=724 ttl=255 time=3.37 ms

64 bytes from 192.168.0.254: icmp_req=725 ttl=255 time=40.8 ms


  30 second input rate 28918000 bits/sec, 3074 packets/sec

  30 second output rate 1052000 bits/sec, 1572 packets/sec


proc:

    777999999999999999999999999999999999999999977777999999999988

    666444448888844444466667777733333666662222244444000002222288



I don't know, I used to get 50 without a problem but now I can barely do 30.

Actions

This Discussion