[cisco-bba] Cisco 7206VXR running out of steam at 20mb throughput

Jason Lixfeld jason at lixfeld.ca
Thu May 17 10:39:29 EDT 2007 

Let's see a 'show proc cpu | excl %0.00__%0.00__%0.00' when your CPU  
is running hot.  As well, let's see  show int f0/0 and show int f1/0

That aside, a couple things:

- Either force the connection between the 3Com and F1/0 to 100/full  
or connect the 3Com to a Gig interface and let it auto-sense speed  
and duplex.  I see you have the FastE forced to half duplex which  
isn't going to help your throughput.  You will notice collisions and  
dropped packets in show int as a result.  I'm not sure if that's  
going to increase CPU utilization though.

- Can you separate your traffic into VLANs?  A bunch of secondaries  
on an interface are an old practice and should be avoided, IMO.

- ip route-cache same-interface used to be helpful for situations  
like yours, but it's been years since I used it and it was with fast  
switching at the time, not CEF switching, so I'm not sure if it's  
needed seeing as how you are running CEF.

On 17-May-07, at 8:37 AM, Wayne @ CTL wrote:

> We have a Cisco 7206VXR router which is connected to interoute on  
> one side and a 3com 3300 with various VOIP Gateways (Cisco 53xx and  
> 54xx) and HTTP servers on the other, however its performance is not  
> quite what we expected, it seems to suffer from high CPU once  
> throughout hits approx 20mb upwards, til it gets to around 30mb  
> when CPU is 90% and it becomes unuseable.
>
> According to our Cisco dealer this unit should be good for 100mb  
> plus throughput no problems, so they are puzzled by the problem,  
> they have sold us some more ram we are now upto 1gb but it has made  
> no difference.
>
> I have tried introducing an access list firstly to rule out ICMP  
> flood / attack and then I blocked http as well to rule out code red.
>
> I have also followed the Cisco guide to troubleshooting high CPU  
> issue, and enabled CEF and tried to make the config as simple as  
> possible. I also used IP accounting to identify that the traffic is  
> as I expect (not DOS)
>
> It seems the VOIP traffic maybe causing the problem, and a few  
> people have commented that the small packet size causes issues -  
> this accounts for 90% of the traffic going through this router.
>
> Can anyone point me the right direction regarding what to try on this?
>
> Version:-  "disk2:c7200-is-mz.123-9.bin"
> Here is the config:-
>
> Current configuration : 2319 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Router
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 ****
> !
> username ***
> username ***
> no aaa new-model
> ip subnet-zero
> !
> !
> ip cef
> !
>
> !
> interface FastEthernet0/0
>  ip address 212.*** 255.255.255.252
>  duplex full
>  no cdp enable
> !
> interface GigabitEthernet0/1
>  no ip address
>  shutdown
>  duplex auto
>  speed auto
>  media-type rj45
>  no negotiation auto
> !
> interface GigabitEthernet0/2
>  no ip address
>  shutdown
>  duplex auto
>  speed auto
>  media-type rj45
>  no negotiation auto
> !
> interface GigabitEthernet0/3
>  no ip address
>  shutdown
>  duplex auto
>  speed auto
>  media-type rj45
>  no negotiation auto
> !
> interface FastEthernet1/0
>  ip address 84.*** 255.255.255.224 secondary
>  ip address 212.*** 255.255.255.224 secondary
>  ip address 89.*** 255.255.255.224 secondary
>  ip address 212.*** 255.255.255.224
>  duplex half
>  no cdp enable
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 212.***
>
> no ip http server
> !
> !
> access-list 101 deny   icmp any any
> access-list 101 permit ip any any
> access-list 102 deny   icmp any any
> access-list 102 deny   tcp any any eq www
> access-list 102 deny   tcp any any eq 443
> access-list 102 permit ip any any
> !
> snmp-server community ***
> snmp-server enable traps tty
> !
> !
> !
> !
> !
> gatekeeper
>  shutdown
> !
> !
> line con 0
>  transport preferred all
>  transport output all
>  stopbits 1
> line aux 0
>  transport preferred all
>  transport output all
>  stopbits 1
> line vty 0 4
>  password ***
>  login
>  transport preferred all
>  transport input all
>  transport output all
> line vty 5 10
>  password ***
>  login
>  transport preferred all
>  transport input all
>  transport output all
> !
> !
> end
>
> I'm at a loss as to what to try next, so any pointers would be much  
> appreciated!
>
> Thanks
>
> Wayne
>
>
>
>
>
> ________________________________________________
> Message sent using UebiMiau 2.7.9-pjm-patch
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba

More information about the cisco-bba mailing list