TSHOOT Capitulo 7 ingles

8/16/2019 TSHOOT Capitulo 7 ingles

1/129

© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

S!"" v7 Ch#$ter 71

Chapter 7:

Troubleshooting

NetworkPerformance Issues

CCNP TSHOOT: Maintaining an Troubleshooting IP Networks


2/129

Ch#$ter 72© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Chapter 7 Topics

Troubleshooting !pplication

Networking Ser"ices #!NS$% "vervie&% A'S (#selining ools% 'et)lo& "vervie& #nd Con)ig% IP S*A "vervie& #nd Con)ig% '(A+ "vervie&% S*( "vervie&

% oS #nd Auto-oS "vervie&

Common Issues with Network!pplication Ser"ices

% Common 'et)lo&, IP S*A,'(A+ #nd AutooS Issues

% 'et)lo& shoot /#m$le% IP S*A shoot /#m$le% AutooS shoot /#m$le

Troubleshooting Performance Issues

on Switches% Identi)ying Per)orm#nce Issues% Common PortInter)#ce Issues% u$le/ shoot /#m$le% Auto-I3% shooting CA Problems% shooting !igh CP4 *o#d

% S$#nning-ree Issues% !S+P Issues% Per)orm#nce shooting

/#m$les

Troubleshooting Performance Issues

on %outers% shooting !igh CP4 *o#d% shooting the S&itching P#th% shooting C5% An#ly6ing P#cet 5orrding% shooting +outer emory Issues


3/129


roubleshooting

A$$lic#tion'et&oring

Services


4/129


!pplication Networking Ser"ices #!NS$

Cisco A'S is # com$rehensive $ort)olio o) #$$lic#tion net&oring solutions #nd technologies.

he )ocus o) this section is on Cisco I"S A$$lic#tion Services, #nd on net&or in)r#structureservices #imed #t o$timi6ing #$$lic#tion tr#))ic #s it uses th#t in)r#structure.


5/129

Ch#$ter 7:© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

!NS Optimi&ation C'cle

9-ste$ #$$lic#tion o$timi6#tion cycle #nd Cisco I"S technologies.


6/129

Ch#$ter 7;© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

!NS (aselining an !pplication Optimi&ation

Tools (aselining an the establishment of acceptable network

beha"ior inclues<

% 4nderst#nding #v#il#ble b#nd&idth

% Identi)ying # norm#l $#ttern o) net&or beh#vior such #s net&or del#ys #nd

&h#t #$$lic#tions #re running on the net&or

% 4nderst#nding the beh#vior =#nd re>uirements? o) e#ch #$$lic#tion on thenet&or

% e#suring #$$lic#tion res$onse times

Cisco IOS baselining an application optimi&ation tools<

% 'et5lo& #ccounting

% IP S*As

% 'et&or-(#sed A$$lic#tion +ecognition ='(A+? $#cet ins$ection

% Server lo#d b#l#ncing =S*(?

% oS #nd AutooS


7/129Ch#$ter 7

7© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Net)low O"er"iew #*+,$

esigned by Cisco #nd no& in version @.

Su$$orted #lso by other vendors lie uni$er.

Bors by cre#ting # 'et5lo& c#che th#t &ill hold

in)orm#tion )or #ll #ctive )lo&s.

Provides services )or IP #$$lic#tions, including<

% 'et&or tr#))ic #ccounting

% 4s#ge-b#sed net&or billing

% 'et&or $l#nning

% Security deni#l-o)-service monitoring

% "ver#ll net&or monitoring


8/129Ch#$ter 7

© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Net)low O"er"iew #,+,$

A flow is # unidirection#l stre#m o) $#cets, bet&een # given

source #nd # destin#tion, th#t h#ve sever#l com$onents in

common =seven ey )ields?.


9/129Ch#$ter 7

@© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Net)low Configuration

he 'et5lo& c#che c#n gro& #nd e/h#ust the resources o)

the router.

In)orm#tion c#n be $ushed $eriodic#lly to #n e/tern#l

'et5lo& Collector )or o))line #n#lysis.

Con)iguring 'et5lo& is str#ight)orrd. In the e/#m$le<

% 'et5lo& #ccounting is en#bled )or incoming tr#))ic on inter)#ce 5#00.

% An e/tern#l collector IP #ddress #nd $ort, #long &ith version number,

#re s$eci)ied.

R1(config)# interface Fa0/0R1(config-if)# ip flow ingressR1(config-if)# ip flow egress (a partir de Netflow 9)R1(config-if)# exitR1(config)# ip flow-export version 9R1(config)# ip flow-export destination 1.1.1.1 9991

R1(config)# end


10/129Ch#$ter 7


R1# show ip cache flowIP packet size distribution (85435 total packets)

! Packet "izes

1-3 $4 %$ 18 1$& 1% 4 5$ 88 3& 35 384 41$ 448 48&

'&&& '&&& '&&& '&&& &&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&&

51 544 5$ 1&4 153$ &48 5$& 3& 3584 4&%$ 4$&8

'&&& '&&& '&&& '&&& 1'&& '&&& '&&& '&&& '&&& '&&& '&&&

IP lo* "*itc+ing ,ac+e 8544 b.tes

! /u0ber of cti2e lo*s 8 acti2e 1$38 inacti2e 8531& added

4$384 ager polls & flo* alloc failures

cti2e flo*s ti0eout in 3& 0inutes

Inacti2e flo*s ti0eout in 15 seconds

last clearing of statistics ne2er

! Rates and uration

Protocol otal lo*s Packets .tes Packets cti2e ("ec) Idle ("ec)

-------- lo*s 6"ec 6lo* 6Pkt 6"ec 6lo* 6lo*

,P-7 &'& 1 144& 11' &'& %'5,P-ot+er 858& 11' 1 144& 11' &'& 1'&

otal 858 11' 1 144& 11' &'& 1'&

! lo* etails ,ac+e

"rcI "rcIPaddress stIf stIPaddress Pr "rcP stP Pkts

t&6& 13'1'5'$& "e&6& 1%'1$8'1'1 &$ % &&& 1

t&6& 13%'5'&'8 "e&6& 1%'1$8'1'1 &$ &8 &&& 1

t&6& 1$5'1'153'$5 "e&6& 1%'1$8'1'1 &$ ,4$ &&& 1

Net)low Statistics -.ample


11/129Ch#$ter 7


Cisco IP S/! O"er"iew #*+,$

Allo&s con)iguring # router to send synthetic =gener#ted? tr#))ic to

# host com$uter or router th#t h#s been con)igured to res$ond. "ne-y or return tr#vel times #nd $#cet loss d#t# #re g#thered.

itter me#surement d#t# c#n be collected #s &ell.

he results o) IP S*A o$er#tions c#n be tied to other )e#tures o)

the router, #nd trigger #ctions b#sed on the results o) the $robe.

ulti$le IP S*A $robes c#n be run #t the s#me time #nd they hel$

me#suring<

% *#tency

% itter

% Av#il#bility o) services =CP $robes?

% P#cet loss

% P#ths


12/129Ch#$ter 7


Cisco IP S/! O"er"iew #,+,$I"S routers, &ith IP S*A en#bled, $er)orming ho$-by-ho$ #n#lysis, end-

to-end me#surements, #nd $ro#ctive noti)ic#tion =S'P tr#$s? &henrising #nd )#lling thresholds #re crossed.


13/129


14/129


Cisco IP S/! %esponer A sim$le echo $robe does not need # res$onder . I) the echo $#cet

comes b#c, it me#ns success. he Cisco I"S IP S/! %esponer is # com$onent embedded in the

destin#tion Cisco routing device th#t #llo&s the system to #ntici$#te #nd

res$ond to Cisco I"S IP S*A re>uest $#cets.

"nly # Cisco I"S device c#n be # source )or # destin#tion IP S*A

+es$onder. o con)igure IP S*A res$onder, use the i$ sl# res$onder comm#nd #nd

s$eci)y the IP #ddress #nd $ort th#t &ill be used to res$ond. he

com$lete synt#/ o) the comm#nd is sho&n here<

ip sla responder $tcp-connect % dp-echo& ipaddress ip-

address port port-number A)ter #n IP S*A res$onder is #lso con)igured, you c#n use the show ipsla responder comm#nd to dis$l#y in)orm#tion #bout recentsources o) IP S*A control mess#ges, such #s &ho h#s sent recent

control mess#ges #nd &ho h#s sent inv#lid control mess#ges.


15/129


N(!% O"er"iew

Network0(ase !pplication %ecognition #N(!%? is # b#selining #nd tr#))ic-

cl#ssi)ic#tion tool. '(A+ c#n recogni6e #nd cl#ssi)y # &ide v#riety o) #$$lic#tions #nd $rotocols th#t

use dyn#mic CP4P $ort #ssignments.

I) # $#cet m#tches # $#rticul#r #$$lic#tion, you c#n then do things lie m#r those

$#cets &ith $#rticul#r SCP v#lues, r#te-limit those $#cets, or sim$ly dro$ them.

'(A+ c#n be used to ensure th#t net&or b#nd&idth is used e))iciently by

cl#ssi)ying $#cets, #nd then #$$lying oS to the cl#ssi)ied tr#))ic.

Bhen you use the match protocol comm#nd inside # route m#$, you #re

identi)ying the #$$lic#tion using '(A+.

here is # long list o) #$$lic#tions identi)ied by '(A+.

'(A+ $er)orms dee$ $#cet ins$ection u$ to the #$$lic#tion l#yer )or tr#))ic

cl#ssi)ic#tion.

(ec#use '(A+ de$ends on C-), It doesnEt c#use m#Dor $er)orm#nce degr#d#tion

on routers.


16/129


N(!% P1/Ms

he b#se I"S '(A+ )e#ture c#n only be used to cl#ssi)y

$#cets o) no&n #$$lic#tions. escri$tion *#ngu#ge odules =P1/Ms? c#n be u$lo#ded

to m#tch more $rotocols #nd #$$lic#tions.

P*s cont#in the rules th#t #re used by '(A+ to

recogni6e #n #$$lic#tion #nd c#n bring ne& or ch#nged)unction#lity to '(A+.

Fou c#n do&nlo#d # P* )rom Cisco SystemGs &eb site

into your routerGs )l#sh memory #nd lo#d it using the

comm#nd<ip n'ar pdlm flash// pdlm-name'


17/129


S/( O"er"iew I"S-b#sed solution th#t $rovides server lo#d b#l#ncing.

Allo&s the de)inition o) # virtu#l server th#t re$resents # cluster o) re#lservers, no&n #s # server )#rm.

Bh#t h#$$ens inside the server )#rm is tr#ns$#rent to the clients.


18/129


2oS an !uto2oS O"er"iew

Cisco oSAutooS tr#))ic cl#ssi)ic#tion uses '(A+.

Bithin the )r#me&or o) oS, e#ch tr#))ic cl#ss is tre#teddi))erently by the net&or.

Cisco AutooS is #n #utom#tion tool )or de$loying oS $olicies.

5or Cisco AutooS to &or, routers must meet the )ollo&ing

re>uirements<

% C5 must be en#bled on the inter)#ce.

% he inter)#ce =or sub-inter)#ce? must h#ve #n IP #ddress con)igured.

% 5or seri#l inter)#ces =or sub-inter)#ces?, the #$$ro$ri#te b#nd&idth must be

con)igured.% "n $oint-to-$oint seri#l inter)#ces, both sides must h#ve AutooS

con)igured.

% he inter)#ce should not h#ve #ny $rior oS con)igur#tions.


19/129

Ch#$ter 71@© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

!uto2oS !utoisco"er' an Configuration

he ne&er versions o) Cisco AutooS h#ve t&o $h#ses<

Phase * 3 !utoisco"er'% In)orm#tion g#thering #nd b#selining de)ine tr#))ic cl#sses #nd volumesH

% nter the ato discover! qos comm#nd in inter)#ce con)igur#tion mode.

% *et discovery run )or # $eriod o) time #$$ro$ri#te )or b#selining or monitoring

needs. hree d#ys to t&o &ees is the usu#l r#nge.

% he router collects in)orm#tion using '(A+ to cl#ssi)y #nd identi)y tr#))ic #tthe #$$lic#tion l#yer .

% uring the $rocess, you c#n vie& the d#t# collection in $rogress using the

show ato discover! qos comm#nd.

Phase , 3 Configuration

% nter the ato qos comm#nd in inter)#ce con)igur#tion mode.

% his comm#nd uses the in)orm#tion g#thered by #uto-discovery in Ph#se 1 to

#$$ly oS $olicies on the inter)#ce.


20/129


!uto2oS 1isco"er' %esults

S#m$le out$ut o) the oS Autoiscovery tool sho&ing cl#sses,

#$$lic#tions #nd recommended b#nd&idth.


21/129


Common Issueswith Network!pplicationSer"ices


22/129


Common Net)low Issues

Performance issues

*imits might need to be set )or the number o) entries in the

c#che, or the 'et5lo& #ging timers might need tuning. I) the

aging timers #re too high, the t#ble c#n rem#in )ull

continuously. I) the 'et5lo& t#ble re#ches c#$#city, it st#rts

dro$$ing the oldest )lo&s )irst.?

-.port problems

y$ic#lly con)igur#tion errors or re#ch#bility o) the 'et5lo&

Collector or server. #e sure th#t<

% A destin#tion IP #ddress is con)igured #nd it is re#ch#ble.

% he source inter)#ce is u$, h#s #n IPv9; #ddress.


23/129


Common IP S/! Issues

Issues rel#ted to $er)orm#nce #re common bec#use $robes

c#n c#use # burden on the CP4 o) the device.% "verscheduling in the sender

% oo much $robes received in the receiver

Probe scheduling c#n be $roblem#tic i) the cloc on the

device is out o) syncH synchroni6ing through 'P is highlyrecommended.

I) the net&or )#ils or is unst#ble, so &ill be the IP S*As

con)igured.

y$ic#lly, it is the )irells #nd #ccess control mech#nismsth#t )ilter or bloc tr#))ic.


24/129


Common N(!% Issues

'(A+ does not detect tr#))ic th#t uses nonst#nd#rd $orts.

Chec the current '(A+ $ort m#$ using the comm#nd show ip n'ar port- map.

'(A+ #llo&s you to m#$ #ny $ort you &ish using the )ollo&ing comm#nd<

ip n'ar port-map protocol-name tcp % dp* port-number

Another issue th#t #))ects most '(A+ de$loyments is #$$lic#tion su$$ort.

r#))ic going unnoticed by '(A+ #nd not being cl#ssi)ied &ill h#ve im$ort#ntsecurity im$lic#tions.

he solution =J? is to lo#d # P* to u$gr#de the router '(A+ #$$lic#tion

de)inition.

his is simil#r to u$gr#ding #ntivirus so)tre &ith # ne& virus de)inition )ile.

Morale4a

1on5t rel' on N(!% for securit'6 (u' a firewall6


25/129


Common !uto2oS Issues

#ny Cisco AutooS issues rel#te directly to its re>uirements #nd limit#tions.

Is the inter)#ce $ro$erly con)igured &ith #n IP #ddress #nd s$eci)ic =$ro$er?b#nd&idth =seri#l b#nd&idth is not #utosensed.?J

% he con)igured inter)#ce b#nd&idth to en#ble or dis#ble cert#in oS )e#tures such #s

com$ression #nd )r#gment#tion.

!#ve the t&o sides o) # seri#l lin the s#me con)igur#tionJ

% AutooS might en#ble cert#in )e#tures on one side &hile dis#bling them on the other side o)

the s#me lin, &hich c#n c#use *#yer 2 issues #nd bring the inter)#ce do&n.

odi)ying the Cisco AutooS con)igur#tion #)ter the )e#ture h#s been en#bled

c#n c#use or$h#ned comm#nds.

AutooS checlist )or #n inter)#ce<

% IP #ddress

% Pro$er b#nd&idth con)igured

% C5 en#bled

% 'o oS #$$lied to it #lre#dy


26/129


Net)low Troubleshooting -.ample #*+$

'et5lo& Collector server &ith the IP #ddress 10.1.1.10 is

used to collect #nd #ggreg#te 'et5lo& d#t#.

he re$orted $roblem is th#t the 'et5lo& Collector is not

receiving d#t# )rom router +1, one o) the 'et5lo&-en#bled

routers.


27/129


Net)low Troubleshooting -.ample #,+$

roubleshooting checlist<

% 'et&or connectivityJ

% Con)igur#tion in the d#t# source "KJ

4sing the ping comm#nd, you c#n con)irm IP connectivity bet&een +1 #nd

'et5lo& Collector.

It is discovered th#t the 'et5lo& CollectorGs #ddress is 10.1.1.10 #nd the 'et5lo&

$ort number is @@@1.

he show ip flow interface comm#nd veri)ies th#t on router +1, 'et5lo& is

#ctive on inter)#ce seri#l 00 )or ingress tr#))ic.


28/129


R1# show ip cache flow

IP packet size distribution

1-3 $4 %$ 18 1$& 1% 4 5$ 88 3& 35 384 41$ 448 48&

'&&& '$8 '&&& '31 '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&&

51 544 5$ 1&4 153$ &48 5$& 3& 3584 4&%$ 4$&8 '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&& '&&&

IP lo* "*itc+ing ,ac+e 8544 b.tes

& acti2e 4&%$ inacti2e 1 added

1% ager polls & flo* alloc failures

cti2e flo*s ti0eout in 3& 0inutes

Inacti2e flo*s ti0eout in 15 seconds

IP "ub lo* ,ac+e 1$4& b.tes

& acti2e 1&4 inacti2e 1 added 1 added to flo*

& alloc failures & force free

1 c+unk 1 c+unk added

last clearing of statistics ne2er

Protocol otal lo*s Packets .tes Packets cti2e ("ec) Idle ("ec)

-------- lo*s 6"ec 6lo* 6Pkt 6"ec 6lo* 6lo*

9P-ot+er 11 &'& 1 5 &'& &'& 15'$

I,:P 1 &'& 5 1&& &'& &'1 15'$

otal 1 &'& 1 $ &'& &'& 15'$

Net)low Troubleshooting -.ample #8+$

Chec &hether +1 is e/$orting 'et5lo& #nd i) there #re #ny )lo&s to e/$ort using

theshow ip cache flow

comm#nd on +1. (#sed on the out$ut sho&n, +1 is

collecting d#t#.


29/129


Net)low Troubleshooting -.ample #9+$

R1# show ip flow exportlo* e;port 25 is enabled for 0ain cac+e

;porting flo*s to 1&'1'15'1 (%%%1)

;porting using source interface a&6&


30/129


R1(config)# no ip flow-export destination 10.1.1+".1 9991

R1(config)# ip flow-export destination 10.1.1.10 9991

R1(config)# no ip flow-export sorce Fa0/0

R1(config)# ip flow-export sorce ,o0/0

R1(config)# end

R1#

R1# show ip flow export

lo* e;port 25 is enabled for 0ain cac+e

;porting flo*s to 1&'1'1'1& (%%%1)

;porting using source interface >oopback&

2ersion 5 flo* records

% flo*s e;ported in udp datagra0s

& flo*s failed due to lack of e;port packet

5 e;port packets *ere sent up to process le2el

& e;port packets *ere dropped due to no fib

& e;port packets *ere dropped due to ad=acenc. issues

& e;port packets *ere dropped due to frag0entation failures

& e;port packets *ere dropped due to encapsulation fi;up failures

Net)low Troubleshooting -.ample #+$

Correct the 'et5*o& CollectorGs #ddress #nd IP 'et5lo&Gs source

inter)#ce. Leri)y the con)igur#tion using the show ip flow export comm#nd #g#in.


31/129


32/129


R1# show ip sla monitor configration" gent Infrastructure ngine-II

ntr. nu0ber 1

?*ner

ag

.pe of operation to perfor0 tcponnectarget address 10."+.0.""ource address &'&'&'&

arget port "00""ource port &?peration ti0eout (0illiseconds) $&&&&

.pe of ser2ice para0eters &;&

,ontrol packets enabled?peration fre@uenc. (seconds) 00/e;t "c+eduled "tart i0e 35%&&

Aroup "c+eduled >"

>ife (seconds) ore2erntr. geout (seconds) ne2er

Recurring ("tarting 2er.da.) >"

"tatus of entr. ("/:P Ro*"tatus) cti2e+res+old (0illiseconds) 5&&&

/u0ber of statistic +ours kept

IP S/! Troubleshooting -.ample #,+$

4se the show ip sla monitor configration comm#nd on +1,

the S*A sender. he out$ut dis$l#ys correct in)orm#tion #bout $robenumber 1.


33/129


R1# show rn % section ip slaip sla 0onitor 1

t.pe tcp,onnect dest-ipaddr 1&'54'&' dest-port &&

fre@uenc. $&&

ip sla 0onitor sc+edule 1 life fore2er start-ti0e 35%&& "ep 1&

ip sla 0onitor

t.pe ec+o protocol ipIc0pc+o 1&'%'%'1 source-interface ast+ternet&6&

ip sla 0onitor sc+edule life fore2er start-ti0e no*

ip sla 0onitor 3

t.pe udpc+o dest-ipaddr 1&'1'1'1&& dest-port 54

ip sla 0onitor sc+edule 3 life fore2er start-ti0e no*

IP S/! Troubleshooting -.ample #8+$

4sing the show rn % section ip sla comm#nd on +1. 'otice th#t

the $robe s su$$osed to st#rt #t 28


34/129


IP S/! Troubleshooting -.ample #9+$

A chec o) the 'P st#tus on +1 indic#tes it is not synchroni6ed &ith the

'P server =+2?. Con)igure +2 #s the nt$ m#ster #nd the $roblem iscorrected.

R1# show ntp stats

,lock is uns.nc+ronized stratu0 1$ no reference clock

no0inal fre@ is 5&'&&&& Bz actual fre@ is 5&'&&&& Bz precision is CC18

reference ti0e is ,334%',3%313 (1$3313'$3 9, :on ug 4 &&%)clock offset is 1'4%1 0sec root dela. is '%% 0sec

root dispersion is 1'$8 0sec peer dispersion is &'41 0sec

R(config)# ntp master 1

R(config)# end

R1# show ntp stats,lock is s.nc+ronized stratu0 reference is 1&'54'&'

no0inal fre@ is 5&'&&&& Bz actual fre@ is 5&'&&&& Bz precision is CC18

reference ti0e is ,54,'1%,8&% (14813'1&& 9, ri "ep 11 &&%)

clock offset is &'48 0sec root dela. is '8 0sec

root dispersion is 85'5$ 0sec peer dispersion is 85'&8 0sec


35/129


R1# sh ip sla monitor statsRound trip ti0e (R) Inde; 1

>atest R & 0s

>atest operation start ti0e 14311'&83 9, Ded "ep 1 &1&>atest operation return code ?k

/u0ber of successes 1

/u0ber of failures &

?peration ti0e to li2e ore2er

IP S/! Troubleshooting -.ample #+$

he show ip sla monitor statistics results indic#te th#t S*A

monitor 1 h#s st#rted &ith the return code o) o #nd there h#s been 1success #nd no )#ilures.


36/129


!uto2oS Troubleshooting -.ample #*+$

he connection bet&een routers +1 #nd +2 is do&n

!o&ever, the service $rovider m#int#ins th#t the b#cbone

service is )ully o$er#tion#l.


37/129


!uto2oS Troubleshooting -.ample #,+$

R1# sh ip int 'riefInterface IP-ddress ?EF :et+od "tatus Protocol

astt+ernet&6& unassigned G" unset up up

astt+ernet&61 unassigned G" unset ad0inistrati2el. do*n do*n"erial&6&6& 1'1$'1'1 G" unset up do*nR1#

he show ip interfaces 'rief comm#nd indic#tes th#t Seri#l

000 is u$, but the line $rotocol is do&n. Fou determine th#t theenc#$sul#tion o) Seri#l 000 is con)igured )or !*C but it should be PPP.


38/129


R1(config)# int s0/0/0

R1(config-if)# encapslation ppp

R1(config-if)# shtdown

R1(config-if)# no shtdown

"ep 11 14448'1$4 H>I/E-H-,B/A Interface "erial&6&6& c+anged state to

ad0inistrati2el. do*n

R1(config-if)# end

R1#

"ep 11 14443&'%84 H"G"-5-,?/IAI ,onfigured fro0 console b. console

"ep 11 14443'35$ H>I/E-3-9P?D/ Interface "erial&6&6& c+anged state to up

"ep 11 144433'3$4 H>I/PR??-5-9P?D/ >ine protocol on Interface "erial&6&6&

c+anged state to up

R1#

R1# ping 1".1.1."

.pe escape se@uence to abort'

"ending 5 1&&-b.te I,:P c+os to 1'1$'1' ti0eout is seconds

!!!!!

"uccess rate is 1&& percent (565) round-trip 0in6a2g60a; J 86868 0s

!uto2oS Troubleshooting -.ample #8+$

Ch#nge the enc#$sul#tion on +1 )or inter)#ce S000 to PPP #nd S000Gs

line $rotocol st#tus ch#nges to 4P. A $ing )rom +1 to +2 veri)ies end-to-end connectivity.


39/129



Bhy s the enc#$sul#tion on +1 S000 ch#nged )rom PPP to !*CJ

Someone tried to en#ble AutooS on this inter)#ce #nd tried to remove it but

the circuit rem#ined do&n.

Bhen AutooS s removed, the inter)#ce enc#$sul#tion s ch#nged b#c

to the seri#l inter)#ce de)#ult, &hich is !*C.

Ch#nging the enc#$sul#tion to PPP restored connectivity but &e still need tom#e use o) AutooS on this inter)#ce.


40/129


R1(config)# int s0/0/0

R1(config-if)# ato discover! qos utoKos disco2er. alread. running

R1(config-if)#

R1(config-if)# ato qos voipR1(config-if)#

"ep 1 14554'141 H>I/E-3-9P?D/ Interface :ultilink&&11&&115 c+anged

state to do*n

"ep 1 14555'3 HR:?/-5->>I/ARP alling trap is generated because

t+e 2alue of cbKos,:ropitRate'131'131% +as fallen belo* t+e

falling-t+res+old 2alue &

!uto2oS Troubleshooting -.ample #+$

n#bling AutooS on +1Gs Seri#l 000 inter)#ce gener#tes #n error.

*oos lie AutooS #ttem$ted to set the multilin )e#ture on S000

#nd th#t )#iled.


41/129


R1# sh rn int s0/0/0

uilding configurationL

,urrent configuration b.tes

!

interface "erial&6&6& band*idt+ &&

no ip address

ip nbar protocol-disco2er.

ip flo* ingress

encapsulation ppp

auto @os 2oip

auto disco2er. @os no fair-@ueue

ppp 0ultilink

ppp 0ultilink group &&11&&115

ser2ice-polic. input "

ser2ice-polic. output "

end

!uto2oS Troubleshooting -.ample #;+$

Seri#l000Gs b#nd&idth is mist#enly set to 200 b$s inste#d o) 2 b$s.


42/129



A)ter )i/ing the b#nd&idth, re#$$lying AutooS is still

unsuccess)ul.

R1(config)# int s0/0/0R1(config-if)# no ato qosH ,annot disable 0ultilink on a 0ultilink group interface

H /ot all config 0a. be re0o2ed and 0a. reappear after reacti2ating t+e

>ogical-interface6sub-interfacesR1(config-if)# 'andwidth "000R1(config-if)# ato qosPolic. 0ap " is alread. attac+ed

utoKo" rror t+e follo*ing co00and *as not properl. applied ser2ice-polic.

output utoKo"-Polic.-9nrustR1(config-if)# end R1#

"ep 1 145$4%'3% H>I/E-3-,B/A Interface :ultilink&&11&&115 c+angedstate to ad0inistrati2el. do*n

"ep 1 145$5&'&5 H"G"-5-,?/IAI ,onfigured fro0 console b. console


43/129


!uto2oS Troubleshooting -.ample #+$

he +1 running con)igur#tion sho&s # service $olicy c#lled S #$$lied to

Seri#l 000 inter)#ce )or both inbound #nd outbound tr#))ic. Fou must remove those lines, reset enc#$sul#tion b#c to PPP, #nd then

re#$$ly AutooS.

his time AutooS succeeds, #nd the inter)#ce st#ys u$ #nd $ings )rom +1 to

+2 succeed.

Kee$ in mind th#t you c#n only remove $olicies #)ter veri)ying they #re notnecess#ry.

The T-ST polic' was put in place for testing purposes but was not

remo"e upon test completion.


44/129


Troubleshooting

PerformanceIssues on Switches


45/129


46/129


Ientif'ing Switch Performance Issues #,+$

Although there #re di))erences bet&een the h#rdre

#rchitectures #mong v#rious C#t#lyst s&itch )#milies, #lls&itches include the )ollo&ing com$onents<

% Interfaces: 4sed to receive #nd tr#nsmit )r#mes.

% )orwaring harware: Consists o) t&o elements<

% !#rdre th#t im$lements the decision-m#ing logic th#t is necess#ry to

re&rite # )r#me #nd )orrd it to the correct inter)#ce

% A b#c$l#ne to c#rry )r#mes )rom the ingress inter)#ce to the egress

inter)#ce.

% Control plane harware< /ecutes the $rocesses th#t #re $#rt o) the

o$er#ting system.


47/129


Ientif'ing Switch Performance Issues #8+$

Bhen you )ind indic#tions o) $#cet loss on # s&itch, the

)irst $l#ce to loo is usu#lly the out$ut o) the sho& inter)#cecomm#nd.

his out$ut sho&s $#cet st#tistics including v#rious error

counters.

"n s&itches, t&o #ddition#l comm#nd o$tions #resu$$orted th#t #re not #v#il#ble on routers<

show interfaces interface-id conters

% his comm#nd dis$l#ys the tot#l numbers o) in$ut #nd out$ut unic#st,

multic#st #nd bro#dc#st $#cets #nd the tot#l in$ut #nd out$ut byte

counts.

show interfaces interface-id conters errors

% his comm#nd dis$l#ys the error st#tistics )or e#ch inter)#ce.


48/129


Ientif'ing Switch Performance Issues #9+$

P#r#meters re$orted by the show interfaces interface-id

conters errors comm#nd .

%eporte Parameter 1escription

lign-rr 5r#mes &ith #lignment errors ending in uneven numbero) octets #nd h#ve b#d C+C, received on the $ort.

,"-rr 5r#mes &ith v#lid si6e &ith 5r#me Chec Se>uence=5CS? errors but no )r#ming errors.

70it-rr andRc2-rr

Indic#tes the intern#l $ort tr#nsmit =/? or receive =+/?bu))ers #re )ull.

9ndersize 5r#mes received th#t #re sm#ller th#n the minimumI 02.8 )r#me si6e o) ;9 bytes.

"ingle-,ol 'umber o) times one collision occurs be)ore the $orttr#nsmits # )r#me to the medi# success)ully.

:ulti-,ol 'umber o) times multi$le collisions occur be)ore the $orttr#nsmits # )r#me to the medi# success)ully.


49/129

Ch#$ter 7:0© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Ientif'ing Switch Performance Issues #+$

P#r#meters re$orted by the show interfaces interface-id

conters errors comm#nd - Cont.

%eporteParameter

1escription

>ate-,ol 'umber o) times th#t # collision is detected on # $#rticul#r$ort l#te in the tr#nsmission $rocess.

;cess-,ol Count o) )r#mes tr#nsmitted on # $#rticul#r $ort, &hich )#ildue to e/cessive collisions.

,arri-"en "ccurs every time #n thernet controller nts to send d#t#on # h#l)-du$le/ connection.

Runts 5r#mes received th#t #re sm#ller th#n the minimum I02.8 si6e =;9 bytes?, #nd &ith # b#d C+C.

Aiants 5r#mes th#t e/ceed the m#/imum I 02.8 si6e =1:1bytes?, #nd h#ve # b#d 5CS.


50/129


Common Switch Port+Interface Issues

Common interface an wiring $roblems #nd their remedies<

'o c#ble connected. Brong $ort.

evice h#s no $o&er.

Brong c#ble ty$e.

(#d c#ble.

*oose connections.

P#tch $#nels< (y$#ss the $#tch $#nel i) $ossible to rule it out #s

the $roblem.

edi# converters< (y$#ss the medi# converter i) $ossible to rule

it out #s the $roblem.

(#d or &rong gig#bit inter)#ce converter =M(IC?.


51/129


Troubleshooting -.ample: 1uple. #*+8$

he user on PC1 h#s com$l#ined th#t tr#ns)erring l#rge )iles to S+L1 t#es

hours. he m#/imum through$ut the user c#n e/$ect is 100 b$s bet&een the client

#nd the server.

r#ns)er o) 1 M( o) d#t# #t the r#te o) 100 b$s should t#e #$$ro/im#tely 0

seconds =not )#ctoring overhe#d?.

Potential e.planations< Congestion on the net&or or under$er)ormingh#rdre or so)tre on the client, net&or, or server .

Aver#ge lo#d on the lins in the $#th h#s not been higher th#n :0 $ercent over

the l#st )e& hours, ruling out congestion #s the c#use.


52/129


231# show interface Fast4thernet 0/1 % inclde dplex ull-duple; 1&&:b6s 0edia t.pe is 1&61&&ase 7

231# show interfaces Fast4thernet 0/1 conters errors

Port lign-rr ,"-rr 70it-rr Rc2-rr 9nder"ize ?utiscardsa&61 & 1$18 & 1$$ & &

Port "ingle-,ol :ulti-,ol >ate-,ol ;cess-,ol ,arri-"en Runts Aiants

a&61 & & & & & & 44

Troubleshooting -.ample: 1uple. #,+8$


53/129


231# show interface Fast4thernet 0/1 % inclde dplex Balf-duple; 1&:b6s 0edia t.pe is 1&61&&ase 7

231# show interfaces Fast4thernet 0/1 conters errors

Port lign-rr ,"-rr 70it-rr Rc2-rr 9nder"ize ?utiscardsa&61 & & & & & &

Port "ingle-,ol :ulti-,ol >ate-,ol ;cess-,ol ,arri-"en Runts Aiants

a&61 $$4 14 1$% & & & 44

Troubleshooting -.ample: 1uple. #8+8$


54/129

Ch#$ter 7::© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

,"D1(config)# interface Fast4thernet 0/1,"D1(config-if)# shtdown,"D1(config-if)# speed ato

,"D1(config-if)# dplex ato,"D1(config-if)# mdix ato,"D1(config-if)# no shtdown,"D1(config-if)# end

!utomatic meium0epenent interface

crosso"er #!uto0M1I


55/129

Ch#$ter 7:;© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

,"D1# show interface Fast4thernet 0/1 transceiver propertiesiagnostic :onitoring is not i0ple0ented

/a0e a&61

d0inistrati2e "peed atod0inistrati2e uple; atod0inistrati2e uto-:I7 ond0inistrati2e Po*er Inline /6

?perational "peed 1&&

?perational uple; full

?perational uto-:I7 on

:edia .pe 1&61&&ase7

!utomatic meium0epenent interface

crosso"er #!uto0M1I


56/129


Switch )orwaring Harware

5orrding h#rdre #lys consists o) t&o m#Dor com$onents<

(ackplane<% he b#c$l#ne c#rries tr#))ic bet&een inter)#ces.

% (#c$l#ne h#rdre c#n be b#sed on # ring, bus, sh#red memory, crossb#r

)#bric, or # combin#tion o) these.

1ecision0making logic<

% 5or e#ch incoming )r#me, the decision-m#ing logic determines &hether to)orrd the )r#me or disc#rd it.

% 5or )orrded )r#mes the decision-m#ing logic $rovides the in)orm#tion th#t

is necess#ry to re&rite #nd )orrd the )r#me #nd m#y t#e other #ctions

such #s the $rocessing o) #ccess-lists or >u#lity o) service =oS? )e#tures.

he b#c$l#ne o) # s&itch is designed )or very high s&itching c#$#city. Leryr#rely c#uses #ny issue.

he c#$#city o) the lins bet&een the devices is norm#lly the limiting )#ctor in

through$ut, not the c#$#city o) the b#c$l#nes o) the s&itches.


57/129


Troubleshooting TC!M Problems #*+$

he decision-m#ing logic o) # s&itch h#s # signi)ic#nt im$#ct on

its $er)orm#nce. he logic consists o) s$eci#li6ed high $er)orm#nce loou$

memory, the tern#ry content-#ddress#ble memory =CA?.

he control $l#ne in)orm#tion necess#ry to m#e )orrding

decisions, such #s AC #ddress t#bles, routing in)orm#tion,

#ccess list in)orm#tion, #nd oS in)orm#tion, build the content o)the CA.

I) )r#mes c#nnot be )orrded by the CA, they &ill be h#nded

o)) =$unted? to the CP4 )or $rocessing.

(ec#use the CP4 is #lso used to e/ecute the control $l#ne$rocesses, it c#n only )orrd tr#))ic #t cert#in r#te.

I) # l#rge #mount o) tr#))ic is $unted to the CP4, the through$ut

)or the tr#))ic concerned &ill decre#se.


58/129

Ch#$ter 7:@© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Troubleshooting TC!M Problems #,+$

r#))ic might be h#ndled by the CP4 )or m#ny re#sons<

P#cets destined )or #ny o) the s&itch IP #ddresses. /#m$les includeelnet, SS!, or S'P $#cets destined )or one o) the s&itch IPs.

ultic#sts #nd bro#dc#sts )rom control $l#ne $rotocols such #s the SP

or routing $rotocols.

P#cets th#t c#nnot be )orrded by the CA bec#use # )e#ture is

not su$$orted in h#rdre. =5or e/#m$le, M+ tunnel $#cets?.

P#cets th#t c#nnot be )orrded in h#rdre bec#use the CA could

not hold the necess#ry in)orm#tion.

% /#m$le< I) you h#ve too m#ny IP routes or too m#ny #ccess list entries,

some o) them might not be inst#lled in the CA, #nd #ssoci#ted $#cetsc#nnot be )orrded in h#rdre.

% his is the most liely c#use o) $er)orm#nce $roblems on # s&itch.


59/129

Ch#$ter 7;0© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Troubleshooting TC!M Problems #8+$ he CA is divided into se$#r#te #re#s, e#ch o) &hich h#s limits.

"n the C#t#lyst 8:;0 #nd 87:0 series s&itches, the #lloc#tion o) CA s$#ce is b#sed on

# s&itch d#t#b#se m#n#ger =S? tem$l#te. em$l#tes other th#n the de)#ult c#n be selected to ch#nge the #lloc#tion o) CA

resources to better )it the role o) the s&itch in the net&or.

he e/#m$le sho&s th#t the m#/imum number o) m#ss #nd v#lues th#t c#n be #ssigned

to IPv9 not directly connected routes #re 272 #nd 217;.

Bhen the v#lues in the 4sed column get close to the v#lues in the #/ column, there

might be e/tr# lo#d on the CP4 bec#use o) # )#iled #lloc#tion o) CA resources.

,"D1# show platform tcam tili5ation

,: 9tilization for "I,# & :a; 9sed

:asks6


60/129


61/129


Troubleshooting TC!M Problems #+$ CA utili6#tion #nd e/h#ustion $roblems c#n be #llevi#ted by reducing

the #mount o) in)orm#tion )ed by the control $l#ne into CA<% +oute summ#ri6#tion

% +oute )iltering

% Access list =$re)i/ list? o$timi6#tion.

Mener#lly, CA is not u$gr#de#ble, so either reduce the in)orm#tion

th#t needs to be $rogr#mmed into the CA or buy # better s&itch,

&hich c#n h#ndle more CA entries.

"n some s&itches, such #s the C#t#lyst 8:;0 #nd 87:0 series, the

#lloc#tion o) CA s$#ce #mong the di))erent )e#tures c#n be ch#nged.

5or e/#m$le, i) you #re de$loying # s&itch &here it is #lmost e/clusively

involved in *#yer 8 s&itching #nd very little *#yer 2 s&itching, you c#n

choose # di))erent tem$l#te th#t s#cri)ices AC #ddress CA s$#ce in

)#vor o) IP route entries.

C t l Pl T bl h ti Hi h CP= / S it h #*+9$


62/129


Control Plane: Troubleshooting High CP= /oa on Switches #*+9$

"n # s&itch, the CP4 lo#d is not directly rel#ted to the

tr#))ic lo#d.

he bul o) the tr#))ic is s&itched in h#rdre by CA #nd

CP4 lo#d is o)ten lo& even &hen the s&itch is )orrding #

l#rge #mount o) tr#))ic. *o&- to mid-r#nge s&itches use the s#me CP4 )or $#cet

)orrding th#t is #lso used )or control $l#ne )unctions.

I) the tr#))ic goes u$ the CP4 lo#d &ill.

he comm#nd to dis$l#y the s&itch CP4 lo#d is show processes cp =the s#me comm#nd used in routers?.

T bl h i Hi h S i h CP= / #,+9$


63/129


Troubleshooting High Switch CP= /oa #,+9$

In this e/#m$le the s&itch consumed 28 $ercent o) the #v#il#ble CP4 cycles

over the $#st : seconds.

") those, 1 $ercent o) CP4 cycles &ere s$ent on interru$t $rocessing. #ny

interru$ts me#n the CA t#bles #re not &oring $ro$erly.

A $ercent#ge bet&een 0 $ercent #nd 10 $ercent is #cce$t#ble.

Bhen CP4 time )or interru$t mode is #bove 10 $ercent, investig#te the c#use.

In gener#l, #n #ver#ge tot#l CP4 lo#d o) :0 $ercent #nd tem$or#ry bursts to100 $ercent #re not $roblem#tic.

,"D1#show processes cp sorted

,P9 utilization for fi2e seconds 3H618H one 0inute 4H fi2e 0inutes 1H

! 3H 4H and 1H indicate total ,P9 spent on processes and interrupts

(packet s*itc+ing)' 18H indicates ,P9 spent on interrupts (packet s*itc+ing)

PI Runti0e(0s) In2oked u"ecs 5"ec 1:in 5:in G Process

1& 384%1 1$3%41 35 &'4H &'35H &'3H & IP Input

$3 84$ 544%551 1 &'31H &'5H &'33H & B>: address lea

4 1&1$$ 141&$$5 &'15H &'&H &'&4H & B"RP IP24

4 15$5%% 1$4% 33 &'&&H &'&H &'&5H & ,+eck +eaps

Noutput o0ittedO

T bl h ti Hi h S it h CP= / #8+9$


64/129

Ch#$ter 7;:© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Troubleshooting High Switch CP= /oa #8+9$

he )ollo&ing events c#use s$ies in the CP4 utili6#tion<

Processor intensi"e Cisco IOS commans<% show tech-spport

% de'g

% show rnning-configration

% cop! rnning-config startp-config

% write memor!

%outing protocol upate processing<

% A *#yer 8 s&itch $#rtici$#ting in # routing $rotocol might e/$erience $e#s in

CP4 us#ge &hen m#ny routing u$d#tes #re received.

SNMP polling<

% uring S'P discoveries or other bul tr#ns)ers o) S'P in)orm#tion by #

net&or m#n#gement system, the CP4 c#n tem$or#rily $e# to 100 $ercent.

% Bhen the CP4 is high #nd S'P is en#bled, #lys double-chec the

con)igur#tion #nd )ind out i) too m#ny d#t# $olls #re being e/ecuted.

T bl h ti Hi h S it h CP= / #9+9$


65/129

Ch#$ter 7;;© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

,"D1# show processes cp sorted +min

,P9 utilization for fi2e seconds 3H64H one 0inute 3H fi2e 0inutes $H


1& 4%55 13$%5 85 '5H &'5H 15'4%H & IP Input

%5 8&% $%3 11$8 &'&&H &'&&H &'41H & ;ec

4 1&1$$ 141&$$5 &'15H &'15H &'&%H & B"RP IP24

4 158%%8 1%3 4% &'&&H &'&$H &'&5H & ,+eck +eaps

Noutput o0ittedO

Troubleshooting High Switch CP= /oa #9+9$

In the e/#m$le the IP In$ut $rocess is res$onsible )or most o) the CP4 lo#d.

he IP In$ut $rocess is res$onsible )or #ll IP tr#))ic th#t is not h#ndled by

CA or )orrded in interru$t mode. =)or e/#m$le, ICP mess#ges?

"ther $rocesses th#t c#n be res$onsible )or high CP4 lo#d<

% IP !%P< his $rocess h#ndles A+P re>uests.

%SNMP -ngine< his $rocess is res$onsible )or #ns&ering S'P re>uests.

% I>MPSN< his $rocess is res$onsible )or Internet Mrou$ #n#gement Protocol =IMP?

snoo$ing #nd $rocesses IMP $#cets.

S i T I #*+,$


66/129


Spanning0Tree Issues #*+,$ An ill-beh#ving inst#nce o) SP might slo& do&n the net&or #nd the

s&itch.

he im$#ct is th#t the s&itch might dro$ its (P4s, #nd #s # result go

into *istening st#te.

% 4nneeded re-convergence $h#ses th#t le#d to even more congestion #nd

$er)orm#nce degr#d#tion.

% o$ology loo$s. I) one or more s&itches no longer receive or $rocess (P4s,

they &ill not be #ble to discover the net&or to$ology. 5looded tr#))ic &ill

circul#te over the loo$ed to$ology, consume b#nd&idth, #nd result in high

CP4 utili6#tion.

"ther SP situ#tions include issues rel#ted to c#$#city $l#nning.

% Per-L*A' S$#nning ree Plus =PLSN? cre#tes #n inst#nce o) the $rotocol

)or e#ch L*A'. Processing m#ny L*A' inst#nces is # burden to the CP4.

% he CP4 time utili6ed by SP v#ries de$ending on the number o) s$#nning-

tree inst#nces #nd the number o) #ctive inter)#ces. he more inst#nces #nd

the more #ctive inter)#ces, the gre#ter the CP4 utili6#tion.

S i T I #,+,$


67/129


Spanning0Tree Issues #,+,$ 1on5t allow automatic selection of root briges, or

severe tr#))ic $er)orm#nce issues might #$$e#r.

Select the design#ted or bloced $orts in such # y th#t

#llo&s )or lo#d sh#ring #cross the in)r#structure.

y$ic#l issue is &hen #n #ccess s&itch is selected #s the

root. A high-b#nd&idth lin bet&een s&itches might go into

(locing st#te, or the sim$le #ccess s&itch might become #

tr#nsit $oint #nd be )looded #nd over&helmed.

HS%P I


68/129

Ch#$ter 7;@© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

HS%P Issues

Common !S+P-s$eci)ic issues include<

% 1uplicate HS%P stanb' IP aresses: his $roblem ty$ic#lly occurs&hen both s&itches in the !S+P grou$ go into the #ctive st#te. A

v#riety o) $roblems c#n c#use this beh#vior, including moment#ry SP

loo$s, therCh#nnel con)igur#tion issues, or du$lic#ted )r#mes.

% Constant HS%P state changes: hese ch#nges c#use net&or$er)orm#nce $roblems, #$$lic#tion timeouts, #nd connectivity

disru$tion. Poor selection o) !S+P timers, such #s hello #nd hold time,

in the $resence o) )l#$$ing lins or h#rdre issues, c#n c#use the

st#te ch#nges.

% Missing HS%P peers: I) #n !S+P $eer is missing, the )#ult toler#nce

o))ered by !S+P is #t st#e. he $eer m#y only #$$e#r #s missing

bec#use o) net&or $roblems.


69/129

S it h P f I * #,+$


70/129


Switch Performance Issue * #,+$ A b#seline could hel$ com$#re current net&or $er)orm#nce #g#inst $ervious

$er)orm#nce.

In this c#se, &e h#ve # sim$le scen#rio &ith one s&itch, one PC #nd one )ileserver.

I) there is degr#d#tion o) $er)orm#nce, it h#s to be occurring bet&een the PC

#nd the s&itch, &ithin the s&itch, or bet&een the s&itch #nd the )ile server .

'o other users #re com$l#ining #bout do&nlo#d s$eed &hich might le#d you to

believe th#t this $roblem might be bet&een the PC #nd the s&itch.

S itch Performance Iss e * #8+$


71/129


Switch Performance Issue * #8+$ "ver the &eeend the m#inten#nce te#m m#de ch#nges, #nd PCs &ere connected to di))erent

$orts.

he PC #nd the )ile server #re in the s#me L*A' m#ing it unliely th#t the issue stems )rom thes&itch itsel).

(ec#use both devices #re in the s#me L*A', s&itching occurs in h#rdre, #nd should be very

)#st.

Con)irm the PC #nd )ile server connection to the s&itch using the show interfaces comm#nd.

he out$ut con)irms th#t the inter)#ces connecting to the PC #nd the )ile server #re u$ #nd line

$rotocol is u$.

Aigabitt+ernet&6 is up line protocol is up (connected)

Bard*are is Aigabit t+ernet address is &&3'5d&8'5$8 (bia

&&3'5d&8'5$8) escription to ne* P,

Noutput o0ittedO

Aigabitt+ernet&65 is up line protocol is up (connected)

Bard*are is Aigabit t+ernet address is &&3'5d&8'5$85 (bia&&3'5d&8'5$85)

escription to file ser2er

Noutput o0ittedO

Switch Performance Issue * #9+$


72/129



4se the show controller tili5ation comm#nd to

chec the b#nd&idth utili6#tion on the $orts connecting tothe client =$ort Mi02? #nd the server =$ort Mi0:?.

he l#rge discre$#ncy in the +3 #nd 3 use on the user

$ort =Mi02? is bec#use the tr#))ic is mostly )ile do&nlo#ds.

he user is receiving much more th#n he is sending. Mi0: on the other h#nd sho&s no b#nd&idth use.

"*itc+# show controller g0/" tili5ationRecei2e and*idt+ Percentage 9tilization

rans0it and*idt+ Percentage 9tilization $

"*itc+# show controller g0/+ tili5ationRecei2e and*idt+ Percentage 9tilization &

rans0it and*idt+ Percentage 9tilization &

Switch Performance Issue * #+$


73/129


"*itc+# clear conters g0/",lear Qs+o* interfaceQ counters on t+is interface confir0S"*itc+#

"*itc+# show interface g0/" accontingAigabitt+ernet&6 to ne* P,

Protocol Pkts In ,+ars In Pkts ?ut ,+ars ?ut

?t+er & & $ 3$& "panning ree & & 3 1%&

,P & & 1 3%


Cle#r the counters )or the user inter)#ce =Mi02?, #nd #s the user to

st#rt # do&nlo#d so th#t you c#n monitor the $er)orm#nce. Bhile the do&nlo#d runs issue the show interface acconting,

&hich sho&s &h#t ind o) tr#))ic is going through the inter)#ce.

he out$ut in the e/#m$le sho&s some SP $#cets, CP $#cets, #nd

others.

here is not # lot o) #ctivity, so you do not e/$ect # loo$ or s$#nning-tree issue.

he tr#))ic bottlenec must come )rom d#t# itsel).


74/129



75/129


"*itc+# show interface g0/" % inclde dplex

Balf-duple; 1&:b6s 0edia t.pe is 1&61&&61&&&ase7"*itc+#


he PCs #re ne& enough to su$$ort )ull du$le/, so there

should not be #ny collisions. Leri)y the s&itch inter)#ce )or $#r#meters such #s s$eed

#nd du$le/ setting.

he results belo& reve#l th#t the inter)#ce is set to h#l)

du$le/ #nd 10 b$s. his could be either # con)igur#tion mist#e or due to #uto-

negoti#tion &ith the PC.



76/129


"*itc+# show rn interface g0/"uilding configurationL

,urrent configuration 1$$ b.tes

!

interface Aigabitt+ernet&6

description to ne* P,

s*itc+port access 2lan 5&

s*itc+port 0ode access

speed 1&

duple; +alf

0ls @os trust cos

no 0di; auto

end


he running con)igur#tion )or the s&itch inter)#ce reve#ls th#t it is

m#nu#lly con)igured.

PCs &ere moved over the &eeend. Perh#$s the device th#t s

once connected to this $ort re>uired h#l) du$le/ #nd 10 b$s.

+econ)igure the inter)#ce to #uto s$eed #nd #uto du$le/ settings

#nd con)irm &ith the user th#t this h#s resolved the issue.

Switch Performance Troubleshooting Issue ,:


77/129


Switch Performance Troubleshooting Issue ,:-.cessi"e (roacasts #*+$ A user re$orts th#t sometimes he c#nnot connect to the net&or #t #ll #nd his

PC &ill not even get #n IP #ddress. "ther times, he is #ble to connect, but the connection is o) $oor >u#lity

=e/$eriencing slo& do&nlo#ds #nd connection timeouts?.

he issue seems to h#ve st#rted # )e& d#ys #go #nd is does not consistently

occur #ll d#y.

Sever#l other users h#ve #lso re$orted the issue #nd they #ll connect to thes#me s&itch.

he most logic#l #$$ro#ch is O)ollo& the $#th.

Switch Performance Issue , #,+$


78/129


Switch Performance Issue , #,+$

St#rt troubleshooting #t $ort Mi02 &here the user is connected, by checing the

s$eed #nd du$le/ setting #nd controller utili6#tion. he results #re sho&n belo&

he $ort is o$er#ting #t )ull du$le/ #nd 1000 b$s. he show controllers g0/" tili5ation comm#nd dis$l#ys # ne#r 0 $ort

utili6#tion.

Leri)y th#t the PC is #ctu#lly connected &ith the show interfaces comm#ndreve#ls th#t the inter)#ce is u$ #nd line $rotocol is u$, #nd the st#tistics seem

norm#l.

"*itc+# show interface g0/" % inc dplex ull-duple; 1&&&:b6s 0edia t.pe is 1&61&&61&&&ase7

"*itc+# show controllers g0/" tili5ationRecei2e and*idt+ Percentage utilization &

rans0it and*idt+ Percentage utilization &

"*itc+# show interface g0/"Aigabitt+ernet&6 is up line protocol is up (connected)

Bard*are is Aigabit t+ernet address is &&3'5d&8'5$8 (bia &&3'5d&8'5$8)

escription to ne* P,

:9 15&4 b.tes D 1&&&&&& Ebit >G 1& usec

reliabilit. 55655 t;load 4655 r;load 1655

Noutput o0ittedO

Switch Performance Issue , #8+$


79/129


"*itc+# show processes cp

,P9 utilization for fi2e seconds %8H618H one 0inute %4H fi2e 0inutes %H

PI Runti0e(0s) In2oked usecs 5"ec 1:in 5:in G Process

1 & 15 & &'&&H &'&&H &'&&H & ,+unk :anager

4 151 15 &'&&H &'&&H &'&&H & >oad :eter

3 & 1 & &'&&H &'&&H &'&&H & , RP IP, ackg

4 1$4%$ 1&$ 13$8 &'&&H &'&&H &'&&H & ,+eck +eaps

5 & 1 & &'&&H &'&&H &'&&H & Pool :anager

$ & & &'&&H &'&&H &'&&H & i0ers

& 1 & &'&&H &'&&H &'&&H & I0age >icensing

8 & & &'&&H &'&&H &'&&H & >icense ,lient /

% %3 $ 115115 &'&&H &'&&H &'&&H & >icensing uto 9

1& & 1 & &'&&H &'&&H &'&&H & ,ras+ *riter

11 333&5& 51&8 $38% 44'&8H 3'34H 33'%4H & RP Input

1 & 1 & &'&&H &'&&H &'&&H & , :I PI

13 & 1 & &'&&H &'&&H &'&&H & "R


80/129


"*itc+# show processes cp sorted

,P9 utilization for fi2e seconds %4H61%H one 0inute %H fi2e 0inutes %4H


11 338444 5%35 $3%3 4'%H 41'5%H 3$'35H & RP Input

18 $&18 5$%&$4 %1 15'&1H 1'5H 1'34H & IP Input

&5 3144 $$3 11% 5'43H $'31H 4'38H & B,P Recei2e

14 34145 158% 1581 '1H 3'&H '%1H & Bulc > Process

8% 8%&% 18&&34 1$&5 '55H 'H '&H & +p0 0ain process

% 8&558 535 1&$%1 &'$3H &'%H &'83H & +p0 counter proc

183 18 13% 135 &'15H &'&8H &'&3H 1 2irtual ;ec

31 &&4 48%8 4&% &'15H &'&H &'&&H & /et ackground

184 5&&4 1%$3 5% &'15H &'&4H &'&H & "panning ree

13 1%3& 154% 14$4 &'15H &'1H &'1$H & BK: "tack Proces

$&& &%$4 14 &'15H &'13H &'15H & B>: address lea

5$ 3158 115$$& & &'15H &'%H &'H & Redart+ ; :ana

11 $$ 358 1 &'15H &'&H &'&4H & Bulc "tor0 ,ontr

13 & 1 & &'&&H &'&&H &'&&H & "R


81/129


Switch Performance Issue , #+$

he show interfaces acconting comm#nd reve#ls th#t L*A' 10is the &here the e/cessive A+P $#cets #re occurring. he show vlan comm#nd reve#ls th#t Mi 02, @, 11, 12, 18 #nd 22 #re in L*A' 10.

"*itc+# show interfaces acconting

2lan1


IP 35 4&38 $84

RP 13 8& 15 %&&2lan$


RP & & 14 84&

2lan8


RP & & 14 84&

2lan1& Protocol Pkts In ,+ars In Pkts ?ut ,+ars ?ut

IP 1$&5%43 1$8$34 3% $58$38

RP 1&5%43% $35$$38& 484 %&4&


82/129



83/129



o reduce the im$#ct o) the &ireless bro#dc#st on the &ired

net&or, you c#n limit the #mount o) bro#dc#sts the s&itch#cce$ts )rom those $orts.

4se the storm-control comm#nd on g011 #nd g018inter)#ces to limit bro#dc#sts, bec#use A+P re>uests #re

bro#dc#sts, to 8 $#cets $er second.

"*itc+# conf tnter configuration co00ands one per line' nd *it+ ,/>6T'

"*itc+(config)# interface g0/11"*itc+(config-if)# storm-control 'roadcast level pps #

"*itc+(config-if)# interface g0/1#"*itc+(config-if)# storm-control 'roadcast level pps #"*itc+(config-if)# end

Switch Performance Issue , #+$


84/129


"*itc+# show process cp sorted


11 3&48& $&4 $&$ 11'5&H 3'$5H 4'%4H & RP Input

4 1%3 14 1343 &'31H &'11H &'11H & ,+eck +eaps

144 $5& %8 88 &'15H &'11H &'13H & PI :: ging Pr

183 55% &$ 141 &'15H &'&3H &'&&H 1 icensing

$ & & &'&&H &'&&H &'&&H & i0ers

5 & 1 & &'&&H &'&&H &'&&H & Pool :anager

8 & & &'&&H &'&&H &'&&H & >icense ,lient / % 314 3 11$&$ &'&&H &'&1H &'&&H & >icensing uto 9

13 & 1 & &'&&H &'&&H &'&&H & "Road :eter

1$ % 5 18&& &'&&H &'&&H &'&&H & ntit. :I PI

Noutput o0ittedO

Switch Performance Issue , #+$'e/t, observe the $ositive results in the out$ut o) the show processescp sorted comm#nd #nd con)irm &ith the users th#t they #re no

longer e/$eriencing $roblems.

Switch Performance Troubleshooting Issue 8:


85/129


Switch Performance Troubleshooting Issue 8:-.cessi"e Securit' #*+?$ 4sers connecting to # s$eci)ic s&itch h#ve connectivity issues #nd s#y th#t &hile

&oring &ith their PCs # &indo& sometimes $o$s u$ indic#ting th#t their net&or

c#ble is un$lugged.

At other times, the PC re$orts th#t the c#ble is $lugged in, but the connection is very

b#d.

#ny o) the user &orst#tions c#nnot obt#in #n IP #ddress )rom the !CP server .

hose &ho do receive IP #ddresses )ind the net&or unus#ble.

Almost #ll users connected to this s&itch e/$erience the s#me $roblem.

Bhen you loo #t the m#inten#nce log )or this net&or, you see th#t # security

u$d#te occurred on this s&itch.

Switch Performance Issue 8 #,+?$


86/129


Switch Performance Issue 8 #,+?$

")ten &hen security is involved, # divide #nd con>uer #$$ro#ch c#n be used to

determine i) *#yer 8 or *#yer 9 security $olicies #re blocing the tr#))ic.

!o&ever, you c#nnot ignore the PC mess#ge th#t s#ys the c#ble is un$lugged.h#t c#nnot be # security con)igur#tion.

4se # bottom u$ #$$ro#ch )or this e/#m$le, st#rting #t one o) the PCs, &hich is

connected to the s&itch Mi02 inter)#ce.

Con)irm th#t the PC is connected using the show interfaces comm#nd, #nd

see th#t it is u$u$ but remember th#t the user re$orted th#t the connection isintermittent.

+eset the counters on the inter)#ce using the clear conters comm#nd.

"*itc+# show interface g0/"Aigabitt+ernet&6 is up line protocol is up (connected)

Bard*are is Aigabit t+ernet address is &&3'5d&8'5$8 (bia &&3'5d&8'5$8)

escription to ne* P,

:9 15&4 b.tes D 1&&&&&& Ebit >G 1& usec

reliabilit. 55655 t;load 1655 r;load 1655

Noutput o0ittedO

"*itc+# clear conters,lear Qs+o* interfaceQ counters on all interfaces confir0S

Switch Performance Issue 8 #8+?$


87/129


Switch Performance Issue 8 #8+?$ he user re$orts th#t the $roblem is occurring no&. 4se the show interfaces

comm#nd #g#in to see th#t the counters #re incre#sing, me#ning th#t some $#cets

#re being sent #nd received. It is not liely th#t #ll users &ith this $roblem h#ve b#d c#bles. ust to be sure, you

re$l#ce the c#ble, but the $roblem rem#ins.

he $roblems &ere re$orted #)ter # security u$d#te, but the $roblem is intermittent.

A $roblem c#used by security $olicy &ould be consistent.

A)ter elimin#ting *#yer 1 #s # $ossible $roblem c#use, move on to *#yer 2. he show vlan comm#nd indic#tes the user inter)#ce is in L*A' 10.

"*itc+#sh vlan

/ /a0e "tatus Ports

---- -------------------------- ------ ------------------------------

1 default acti2e Ai&61 Ai&64 Ai&6$ Ai&6

Ai&68 Ai&61& Ai&618 Ai&64 Ai&65 Ai&6$ Ai&6 Ai&68

3 /&&&3 acti2e

$ /&&&$ acti2e

8 /&&&8 acti2e

% /&&&% acti2e

1& /&&1& acti2e Ai&6 Ai&6% Ai&611 Ai&61

Ai&613 Ai&6

Noutput o0ittedO



88/129


"*itc+# show vlan filter vlan 102lan 1& +as filter /1&?9

"*itc+# show vlan access-map 6,N1078:


89/129

Ch#$ter 7@0© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

"*itc+#sh access-list 6,N1078:

;tended IP access list /1&?9

per0it tcp 1&'1'&'& &'&'&'55 +ost 1&'1&'5&'14 e@ do0ain

1& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'15&'4 e@ ***

11 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ ***

& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'15&'4 e@

1 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@

3& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'15&'4 e@ telnet

31 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ telnet

4& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'15&'4 e@ 443

41 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ 443

5& per0it udp 1&'1'1'& &'&'&'55 +ost 1&'1&'15&'4 e@ sn0p

51 per0it udp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ sn0p

Noutput o0ittedO

Switch Performance Issue 8 #+?$

All o) the #ccess m#$s m#tch on IP #ddress, so this should not h#ve #n

e))ect on *#yer 1 or 2.

o be sure, dis$l#y one o) these #ccess lists, #s sho&n in the e/#m$le.

The access list has o"er 9@@ entries.

In #ddition, sever#l #ccess lists #re re)erenced )or the $#cets going

into or out o) this L*A'.

Switch Performance Issue 8 #;+?$


90/129


"*itc+# show ip interface vlan 10


91/129


"*itc+#sh access-li 6,N10;tended IP access list /1&?9

1& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'5&'4 e@ ***

11 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ ***

& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'5&'4 e@

1 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@

3& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'5&'4 e@ telnet

31 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ telnet 4& per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'5&'4 e@ 443

41 per0it tcp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ 443

5& per0it udp 1&'1'1'& &'&'&'55 +ost 1&'1&'5&'4 e@ sn0p

51 per0it udp 1&'1'1'& &'&'&'55 +ost 1&'1&'151'4 e@ sn0p

Noutput o0ittedO


is$l#ying #ccess-list L*A'10 reve#ls th#t it #lso h#s #

huge out$ut simil#r to the out$ut )or #ccess-list vl#n10Rout.

Could this #ccess list be #))ecting s&itch $er)orm#nce to the

e/tent th#t users c#nnot connectJ

Switch Performance Issue 8 #+?$


92/129


"*itc+# show platform tcam tili5ation ,: utilization for "I,# & :a; 9sed :asks6


93/129


"*itc+# show process cp,P9 utilization for fi2e seconds %8H61H one 0inute H fi2e 0inutes 3&HPI Runti0e(0s) In2oked usecs 5"ec 1:in 5:in G Process

1 34 813 41 &'&&H &'&&H &'&&H & ,+unk :anager 3 438 &'&&H &'&&H &'&&H & >oad :eter

3 & 1 & &'&&H &'&&H &'&&H & , RP IP, ackg

4 3%5&8 31& 13& 1'5H &'4H &'14H & ,+eck +eaps

5 3 1&$ $88 &'&&H &'&&H &'&&H & Pool :anager$ & & &'&&H &'&&H &'&&H & i0ers

Noutput o0ittedO

Switch Performance Issue 8 #?+?$

A chec o) CP4 utili6#tion using the show process cp comm#nd indic#testh#t it is very high.

his indic#tes th#t the CA is sending $#cets to the CP4 )or $rocessing,overlo#ding the CP4 #s # result.

he solution, noting th#t this is #n e/treme e/#m$le, is to re&rite #nd sim$li)y

the #ccess-lists.

Also, veri)y i) the s#me L*A' #ccess lists #t both the L*A' level #nd the

inter)#ce level #re necess#ry. I) the #ccess lists c#nnot be sim$li)ied, it might be time to invest in # dedic#ted

$l#t)orm )or security )iltering )or this net&or.


95/129

Ch#$ter 7@;© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

oub es oot g g oute C = oa # + $

he CP4 on # router c#n become too busy &hen there #re too

m#ny $#cets to )orrd or e/cessive m#n#gement #nd control

$l#ne $rocesses.

!igh CP4 c#n be norm#l #nd not c#use #ny net&or $roblems.

4tili6#tion m#y be high )or short $eriods due to # burst o) net&or

m#n#gement re>uests or e/$ected $e#s o) net&or tr#))ic.

I) the CP4 is too busy to )orrd #ll $#cets, the router m#y st#rtto bu))er $#cets, incre#sing l#tency, or even dro$ $#cets.

Also, bec#use the CP4 is s$ending most o) its time on $#cet

)orrding, control $l#ne $rocesses m#y not be #ble to get

su))icient #ccess to the CP4, &hich could le#d to )urtherdisru$tions due to )#iling routing or other control $l#ne $rotocols.

Troubleshooting High %outer CP= /oa #,+,$


96/129


g g # $

Common sym$toms o) # router CP4 th#t is too busy is th#t

the router )#ils to res$ond to cert#in service re>uests.% Slo& res$onse to elnet re>uests or to the comm#nds th#t #re issuedin #ctive elnet sessions.

% Slo& res$onse to console comm#nds.

% !igh l#tency on $ing res$onses or too m#ny $ing timeouts.

% 5#ilure to send routing $rotocol $#cets to other routers.

High %outer CP= /oa #*+,$


97/129


Router# show processes cp sorted

,P9 utilization for fi2e seconds H63H one 0inute 4H fi2e 0inutes 1H


$ 318415%3$ 1$5%8% 814% $5'&8H '&1H $8'&&H & IP Input

183 48& 35%8%$1$ 1 &'1$H &'&8H &'&8H & RI9"

4 43 3 385 &'4H &'&3H &'&$H & ""B Process

%8$4 335% 4 &'&8H &'&&H &'&&H & >oad :eter

$1 $5 13%34 48 &'&8H &'&&H &'&&H & ,P Protocol

33 143$ 11$18&8 1 &'&8H &'&1H &'&&H & Per-"econd Uobs

3 1&& 45385% &'&8H &'&1H &'&&H & """ eature i0e

Noutput o0ittedO

g # $

As &ith s&itches, use the show processes cp comm#nd to determine CP4utili6#tion on # router.

In the out$ut sho&n in the e/#m$le, the CP4 utili6#tion )or the l#st : secondss 72Q.

"ut o) this tot#l o) 72Q, 28Q o) the CP4 time s s$ent in interru$t mode

=s&itching $#cets?

4se the show processes cp histor! comm#nd to see the CP4 utili6#tion

)or the l#st ;0 seconds, ;0 minutes, #nd 72 hours in #n ASCII gr#$hic#l vie&.

High %outer CP= /oa #,+,$


98/129

Ch#$ter 7@@© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

1111 1 1 % 1111115111 % 1 8 1 % 1 4

1%$1$&%383333338358388&441%&&%338438&3838&%8533333358&88

1&& C C

%& C C C

8& C C C C C C

& C C C C C C

$& C C CC C C C

5& C C CC C C C C

4& C C CC C C C C

3& C C CC C C C C

& CC C C C CC C C C C

1& ###CCC#CC C CC CCCC##CCCCCCCCC CCCCC CCC CCCCCCCCCCC CCCCCCC &''''5''''1''''1''''''''''''3''''3''''4''''4''''5''''5''''$''''$''''''

& 5 & 5 & 5 & 5 & 5 & 5 &

,P9H per +our (last +ours)

C J 0a;i0u0 ,P9H # J a2erage ,P9H

g # $

4se the show processes cp histor! comm#nd to see the CP4 utili6#tion)or the l#st ;0 seconds, ;0 minutes, #nd 72 hours in #n ASCII gr#$hic#l vie&.

High %outer CP= /oa: !%P Input


99/129


Router# show arpProtocol ddress ge (0in) Bard*are ddr .pe Interface

Internet 1&'1&'1&'1 - &&13'1%18'caae RP astt+ernet&6&

Internet 1&'1$'43'4% & Inco0plete RP

Internet 1&'1$'43'5& & Inco0plete RP

Internet 1&'1$'43'51 & Inco0plete RP




g p

he !%P Input $rocess c#uses high CP4 lo#ds i) the router origin#tes e/cessive

A+P re>uests.

ulti$le A+P re>uests )or the s#me IP #ddress #re limited to one every 2 seconds soe/cessive A+P re>uests c#n only occur i) the re>uests #re )or m#ny di))erent IP

#ddresses.

his c#n h#$$en i) #n IP route h#s been con)igured $ointing to # bro#dc#st inter)#ce

#nd c#uses the router to gener#te #n A+P re>uest )or e#ch IP #ddress th#t is not

re#ch#ble through # more s$eci)ic route.

An high number o) A+P re>uests c#n #lso be c#used by m#licious net&or tr#))ic.

A high number o) incom$lete A+P entries in the A+P t#ble c#n indic#te this ty$e o)

tr#))ic, #s sho&n in the e/#m$le.

High %outer CP= /oa: Net (ackgrounA IP (ackgroun an TCP Timer processes


100/129


Net (ackgroun:

% he $rocess runs &hen # bu))er is re>uired but is not #v#il#ble to # $rocess or #n inter)#ce.% It uses the m#in bu))er $ool to $rovide the re>uested bu))ers.

% 'et (#cground #lso m#n#ges the memory used by e#ch $rocess #nd cle#ns u$ )reed-u$ memory.

% he sym$toms o) high CP4 #re incre#ses in throttles, ignores, overruns, #nd resets on #n inter)#ceH

you c#n see these in the out$ut o) the sho& inter)#ces comm#nd.

IP (ackgroun:% his $rocess is res$onsible )or<

% nc#$sul#tion ty$e ch#nges on #n inter)#ce

% ove o) #n inter)#ce to # ne& st#te =u$ or do&n?

% Ch#nge o) IP #ddress on #n inter)#ce.

% odi)ying the routing t#ble b#sed on st#tus o) the inter)#ces

% 'oti)ies #ll routing $rotocols o) the st#tus ch#nge o) e#ch IP inter)#ce

TCP Timer:

% he CP imer $rocess is res$onsible )or CP sessions running on the router.

% !igh CP4 us#ge by this $rocess indic#tes too m#ny CP connections =such #s (MP $eers?.

High %outer CP= /oa: TCP Timer


101/129


Router# show tcp statisticsRc2d 1 otal 15 no port

& c+ecksu0 error & bad offset & too s+ort

4$$1 packets (351$3 b.tes) in se@uence

dup packets (8$& b.tes)

& partiall. dup packets (& b.tes)

& out-of-order packets (& b.tes)

& packets (& b.tes) *it+ data after *indo*

& packets after close

& *indo* probe packets & *indo* update packets

4 dup ack packets & ack packets *it+ unsend data

48 ack packets (38388 b.tes)

"ent 4%& otal & urgent packets

1$8 control packets (including 1 retrans0itted)

5&58 data packets (383831 b.tes)

data packets ($3& b.tes) retrans0itted

& data packets (& b.tes) fastretrans0itted

114$ ack onl. packets (818 dela.ed)

& *indo* probe packets 1 *indo* update packets

8 ,onnections initiated 8 connections accepted $5 connections establis+ed

3&4$ ,onnections closed (including dropped 15%% e0br.onic dropped)

4 total r;0t ti0eout & connections dropped in r;0t ti0eout

& Eeepali2e ti0eout & keepali2e probe & ,onnections dropped in keepali2e

ghe show tcp statistics comm#nd dis$l#ys det#iled CP in)orm#tion.

Troubleshooting Switching Paths #*+7$


102/129


g g # $

i))erent router $l#t)orms h#ve di))erent s&itching beh#vior.

% In 200 series routers #ll )unctions c#n be e/ecuted by the I"S running on the CP4.

% Some )unctions c#n be o))lo#ded to se$#r#te inst#ll#ble net&or modules.

% 7;00 series routers )orrd most $#cets &ith s$eci#l h#rdre #nd the m#in CP4 is

not involved in $rocessing o) most $#cets.

he t#s o) packet forwaring #ata plane$ consists o) t&o ste$s<

Ste$ 1. #ing # routing decision =b#sed on?<

% 'et&or to$ology in)orm#tion #nd con)igured $olicies

% In)orm#tion #bout net&or destin#tions, g#thered by # routing $rotocol

% Possible restrictions =#ccess lists or $olicy-b#sed routing =P(+?

Ste$ 2. S&itching the $#cet<

% 'ot to be con)used &ith *#yer 2 s&itching

% Involves moving # $#cet )rom #n in$ut bu))er to #n out$ut bu))er

% +e&riting the d#t# lin l#yer he#der o) the )r#me

% 5orrds the $#cet to the ne/t ho$ tord the )in#l destin#tion.

Troubleshooting Switching Paths #,+7$


103/129


g g # $

hree ty$es o) $#cet s&itching modes #re su$$orted by

Cisco routers<

% Process switching

% )ast switching

% Cisco -.press forwaring #C-)$ – de)#ult #nd recommended.

he s&itching method used #))ects the routerGs $er)orm#nce

#nd m#y be #ltered glob#lly or $er inter)#ce )or sever#l

re#sons<

% uring troubleshooting, to veri)y i) the observed beh#vior is c#used by

the s&itching method.

% uring debugging, to direct #ll $#cets to CP4 )or $rocessing.% (ec#use some I"S )e#tures re>uire # s$eci)ic s&itching method.

Troubleshooting Switching Paths #8+7$


104/129


g g # $ Process Switching

% he oldest mode #v#il#ble on Cisco routers #nd most CP4-intensive.

% e-enc#$sul#tes #nd enc#$sul#tes e#ch )r#me using the IP In$ut CP4 $rocess.

% Mre#tly degr#des $er)orm#nce )igures such #s through$ut, Ditter #nd l#tency.

% 4se only tem$or#rily #s # l#st resort during troubleshooting.

% Con)igured on #n inter)#ce by dis#bling )#st s&itching =#nd C5? using the no iprote-cache comm#nd.

)ast Switching% he )#st-s&itching c#che #nd $rocess st#rt #)ter the routing t#ble loou$ )or the )irst

$#cet in # destin#tion )lo&.

% Subse>uent )r#mes to th#t s#me destin#tion #re $rocessed by )#st s&itching #nd sent

to the outgoing inter)#ce.

% he inter)#ce $rocessor com$utes the C+C )or the )r#me.

% *ess $rocessor intensive th#n $rocess s&itching bec#use it uses # c#che entry. CP4

utili6#tion c#n go high i) the number o) ne& )lo&s $er second incre#ses, #s &ith #

net&or #tt#c.

% Con)igured on #n inter)#ce using the ip rote-cache comm#nd.

Troubleshooting Switching Paths #9+7$


105/129


g g # $ Cisco -.press )orwaring #C-)$

% e)#ult on Cisco routers #nd is the le#st CP4-intensive s&itching mode.

% In)orm#tion used )or $#cet )orrding resides in t&o t#bles<

% C-) )orwaring Information (ase #)I($ 3 /a'er 8 information:

% #ble used to m#e IP destin#tion $re)i/-b#sed s&itching decisions.

% 4$d#ted #)ter e#ch net&or ch#nge, but only once, #nd cont#ins #ll no&n routes.

% #ch ch#nge in the IP routing t#ble triggers # simil#r ch#nge in the 5I( t#ble.

% C-) a4acenc' table 3 /a'er , information:% Cont#ins *#yer 2 )r#me he#ders )or #ll ne/t ho$s used by the 5I(.

% hese #ddresses #re used to re&rite )r#me he#ders )or $#cets )orrded by # router.

% Sever#l Cisco I"S )e#tures re>uire C5 to be en#bled )or their o$er#tion<

% 'et&or-(#sed A$$lic#tion +ecognition ='(A+?

% AutooS #nd odul#r oS C*I =C?

% 5r#me +el#y tr#

Documents

TSHOOT Capitulo 7 ingles