Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

DMVPN w/ Multicasting setup/questions

Hello

I have a lot of questions, so bare with me as i puke them out of my head.

I have been doing some testing with DMVPN inconjuction with multicasting video (Hub and spoke, w/ no spoke to spoke). The test setup is using 2 cisco 2811 w/out the vpn module.  I understand the performance hit with not having the module. With that being said here are my questions.

1. With encryption on both the HUB and spoke routers are using 90-97% cpu (8Mb multicast stream).  With encryption off, the Hub is around 60%, and spoke around 75%.  Here is where i'm confused.  If i send that same stream as a unicast stream, w/ encryption on, both the Hub and spoke are only using around 30-35% cpu.  Why is there so much more cpu need when its a multicast stream?

2. In the current config i'm seeing input, throttles, and ignore errors on the Hub and spoke.  The Hub has these errors on the LAN interface, and the spoke has these errors on the WAN interface. All other interfaces are totally clean.  I have checked and there are no duplex or speed mismatches.  Any ideas?

HUB:

Current configuration : 1837 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Hub

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable password

!

no aaa new-model

clock timezone Central -6

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

no ip domain lookup

ip name-server 8.8.8.8

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

archive

log config

  hidekeys

!

interface Tunnel1

bandwidth 100000

ip address 192.168.11.1 255.255.255.0

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip pim sparse-mode

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 450

no ip route-cache cef

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel bandwidth transmit 100000

tunnel bandwidth receive 100000

!

interface FastEthernet0/0 (WAN)

ip address 216.x.x.x 255.255.255.192

ip pim sparse-mode

load-interval 30

duplex auto

speed auto

!

interface FastEthernet0/1 (LAN)

ip address 128.112.64.5 255.255.248.0

ip pim sparse-mode

load-interval 30

duplex auto

speed auto

!

router eigrp 1

network 128.112.0.0

network 192.168.11.0

auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 216.x.x.x

ip http server

ip http authentication local

ip http secure-server

!

!

ip pim rp-address 128.112.64.5 10

!

access-list 10 permit 239.10.0.0 0.0.255.255

snmp-server community public RO

!

Spoke:

Current configuration : 1857 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Spoke

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable password

!

no aaa new-model

clock timezone central -6

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

!

voice-card 0

!

archive

log config

  hidekeys

!

interface Tunnel1

bandwidth 100000

ip address 192.168.11.2 255.255.255.0

no ip redirects

ip mtu 1400

ip pim sparse-mode

ip nhrp map 192.168.11.1 216.x.x.x

ip nhrp map multicast 216.x.x.x

ip nhrp network-id 1

ip nhrp holdtime 450

ip nhrp nhs 192.168.11.1

no ip route-cache cef

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

tunnel source FastEthernet0/0

tunnel destination 216.x.x.x

tunnel key 100000

tunnel bandwidth transmit 100000

tunnel bandwidth receive 100000

!

interface FastEthernet0/0 (WAN)

ip address 65.x.x.x 255.255.255.192

ip pim sparse-mode

load-interval 30

duplex auto

speed auto

!

interface FastEthernet0/1  (LAN)

ip address 128.124.64.1 255.255.248.0

ip pim sparse-mode

ip igmp join-group 239.10.10.10

load-interval 30

duplex auto

speed auto

!

router eigrp 1

network 128.124.0.0

network 192.168.11.0

auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 65.x.x.x

no ip http server

no ip http secure-server

!

!

ip pim rp-address 128.112.64.5 10

!

access-list 10 permit 239.10.0.0 0.0.255.255

snmp-server community public RO

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

DMVPN w/ Multicasting setup/questions

Joe,

You ask the right question.

CPU ultization = CPU consumed by processes + IO operations (in a huge simplification - CEF) 

Typically when a packet is processed by router we expect it to be be processed by CEF, i.e. very fast.

Packet is not processed by CEF:

- when there is something missing to route the packet properly (think missing ARP/CAM entry) i.e. additional lookup needs to be done.

- a feature requests that a packet is for processing/mangling

- Packet is destined to the router

(And several other, but those are the major ones).

When a packet is recived, but cannot be processed by CEF, we "punt the packet to CPU" this in turn will cause the CPU for processes to go up.

Now on the spoke this seems to be the problem:

Spoke#show ip cef switching stati

       Reason                          Drop       Punt  Punt2Host

RP LES Packet destined for us             0       1723          0

RP LES Encapsulation resource             0    1068275          0

There were also some failures on one of the buffer outputs you've attached.

Typically at this stage I would suggest:

1) "Upgrade" the device to 15.0(1)M6 or 12.4(15)T (latest image in this branch) and check if the problem persists there.

2) If it does, swing it by TAC. I don't see any obvious mistakes, but I'm just a guy in a chair same as you ;-)

Marcin

6 REPLIES
Cisco Employee

DMVPN w/ Multicasting setup/questions

Joe,

Where should I start. I'll start puking questions myself :-)

0a) 2811 should be an onboard accelarator module, the module should be capable of handling traffic durng your testing without problem.

0b) Config. Why

no ip route-cache cef

and

tunnel bandwidth transmit 100000

tunnel bandwidth receive 100000

0c) Who's the RP?

1) Maybe more interesting is to check "what is causing the CPU?"

"show proc cpu sort"

"show buff"

2) Interesting. "show buff" and "show adj int" is what I would check if we're not delaying something.

Marcin

New Member

DMVPN w/ Multicasting setup/questions

Marcin, thank you for the reply.

Not sure why i had those extra config statments in there. I've tried a lot of things.   Removed those statements, but doesnt seem to have made a difference.

The RP is the HUB router.  Isnt this all i need for that:

ip pim rp-address 128.112.64.5 10  (HUB's LAN interface)

!

access-list 10 permit 239.10.0.0 0.0.255.255

snmp-server community public RO

Below are the cpu checks.  Not sure what i am looking for here.  IP Input seems to be using the most processing at 39%. Guessing the rest is from the tunnel creation?

http://www.mediafire.com/?pg49n4eym4cyggj,xfjxr78m0k9c4u9

Appreciate the help.

Cisco Employee

DMVPN w/ Multicasting setup/questions

Joe,

Tunnel creation will be done by [C|c]rypto* processes (plus some NHRP and OSPF/EIGRP).

High CPU in "IP input" indicates that traffic you're sending is not being CEF switched (at least some of it).

It's not a problem with adjacencies which seemed to be installed OK.

You need to check what's going on in CEF.

Here this will depend on your version, but "show ip cef switching stati" and "show ip cef switching stati feat" should be the basics to check along with "show cef drop".

Remember to run those DURING testing and take 'em a few times.

Marcin

New Member

DMVPN w/ Multicasting setup/questions

Marcin

Did some more research and I'm not sure what I'm missing regarding CEF.  I have it enabled globally and all interfaces show it enabled.  Why is it that the IP Input cpu and other processes dont add up to the overall cpu? CEF and Cpu stats in files below.

CPU/CEF stats:

http://www.mediafire.com/?afcfc67dut7nwaa,rl56ui3rxmie9wv

Cisco Employee

DMVPN w/ Multicasting setup/questions

Joe,

You ask the right question.

CPU ultization = CPU consumed by processes + IO operations (in a huge simplification - CEF) 

Typically when a packet is processed by router we expect it to be be processed by CEF, i.e. very fast.

Packet is not processed by CEF:

- when there is something missing to route the packet properly (think missing ARP/CAM entry) i.e. additional lookup needs to be done.

- a feature requests that a packet is for processing/mangling

- Packet is destined to the router

(And several other, but those are the major ones).

When a packet is recived, but cannot be processed by CEF, we "punt the packet to CPU" this in turn will cause the CPU for processes to go up.

Now on the spoke this seems to be the problem:

Spoke#show ip cef switching stati

       Reason                          Drop       Punt  Punt2Host

RP LES Packet destined for us             0       1723          0

RP LES Encapsulation resource             0    1068275          0

There were also some failures on one of the buffer outputs you've attached.

Typically at this stage I would suggest:

1) "Upgrade" the device to 15.0(1)M6 or 12.4(15)T (latest image in this branch) and check if the problem persists there.

2) If it does, swing it by TAC. I don't see any obvious mistakes, but I'm just a guy in a chair same as you ;-)

Marcin

New Member

DMVPN w/ Multicasting setup/questions

Marcin

Thanks for the info and help. Looks like i'll have to bring in an expert.  I still think i'm missing something. 

1922
Views
10
Helpful
6
Replies
CreatePlease to create content