[cisco-bba] Cisco 7206VXR running out of steam at 20mb throughput

Jason Lixfeld jason at lixfeld.ca
Thu May 17 11:42:16 EDT 2007 

Sorry, I meant "show proc cpu sorted | excl 0.00%__0.00%__0.00%" or  
"show proc cpu | excl 0.00%__0.00%__0.00%"

On 17-May-07, at 10:39 AM, Jason Lixfeld wrote:

> Let's see a 'show proc cpu | excl %0.00__%0.00__%0.00' when your CPU
> is running hot.  As well, let's see  show int f0/0 and show int f1/0
>
> That aside, a couple things:
>
> - Either force the connection between the 3Com and F1/0 to 100/full
> or connect the 3Com to a Gig interface and let it auto-sense speed
> and duplex.  I see you have the FastE forced to half duplex which
> isn't going to help your throughput.  You will notice collisions and
> dropped packets in show int as a result.  I'm not sure if that's
> going to increase CPU utilization though.
>
> - Can you separate your traffic into VLANs?  A bunch of secondaries
> on an interface are an old practice and should be avoided, IMO.
>
> - ip route-cache same-interface used to be helpful for situations
> like yours, but it's been years since I used it and it was with fast
> switching at the time, not CEF switching, so I'm not sure if it's
> needed seeing as how you are running CEF.
>
> On 17-May-07, at 8:37 AM, Wayne @ CTL wrote:
>
>> We have a Cisco 7206VXR router which is connected to interoute on
>> one side and a 3com 3300 with various VOIP Gateways (Cisco 53xx and
>> 54xx) and HTTP servers on the other, however its performance is not
>> quite what we expected, it seems to suffer from high CPU once
>> throughout hits approx 20mb upwards, til it gets to around 30mb
>> when CPU is 90% and it becomes unuseable.
>>
>> According to our Cisco dealer this unit should be good for 100mb
>> plus throughput no problems, so they are puzzled by the problem,
>> they have sold us some more ram we are now upto 1gb but it has made
>> no difference.
>>
>> I have tried introducing an access list firstly to rule out ICMP
>> flood / attack and then I blocked http as well to rule out code red.
>>
>> I have also followed the Cisco guide to troubleshooting high CPU
>> issue, and enabled CEF and tried to make the config as simple as
>> possible. I also used IP accounting to identify that the traffic is
>> as I expect (not DOS)
>>
>> It seems the VOIP traffic maybe causing the problem, and a few
>> people have commented that the small packet size causes issues -
>> this accounts for 90% of the traffic going through this router.
>>
>> Can anyone point me the right direction regarding what to try on  
>> this?
>>
>> Version:-  "disk2:c7200-is-mz.123-9.bin"
>> Here is the config:-
>>
>> Current configuration : 2319 bytes
>> !
>> version 12.3
>> service timestamps debug datetime msec
>> service timestamps log datetime msec
>> no service password-encryption
>> !
>> hostname Router
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> enable secret 5 ****
>> !
>> username ***
>> username ***
>> no aaa new-model
>> ip subnet-zero
>> !
>> !
>> ip cef
>> !
>>
>> !
>> interface FastEthernet0/0
>>  ip address 212.*** 255.255.255.252
>>  duplex full
>>  no cdp enable
>> !
>> interface GigabitEthernet0/1
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>>  media-type rj45
>>  no negotiation auto
>> !
>> interface GigabitEthernet0/2
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>>  media-type rj45
>>  no negotiation auto
>> !
>> interface GigabitEthernet0/3
>>  no ip address
>>  shutdown
>>  duplex auto
>>  speed auto
>>  media-type rj45
>>  no negotiation auto
>> !
>> interface FastEthernet1/0
>>  ip address 84.*** 255.255.255.224 secondary
>>  ip address 212.*** 255.255.255.224 secondary
>>  ip address 89.*** 255.255.255.224 secondary
>>  ip address 212.*** 255.255.255.224
>>  duplex half
>>  no cdp enable
>> !
>> ip classless
>> ip route 0.0.0.0 0.0.0.0 212.***
>>
>> no ip http server
>> !
>> !
>> access-list 101 deny   icmp any any
>> access-list 101 permit ip any any
>> access-list 102 deny   icmp any any
>> access-list 102 deny   tcp any any eq www
>> access-list 102 deny   tcp any any eq 443
>> access-list 102 permit ip any any
>> !
>> snmp-server community ***
>> snmp-server enable traps tty
>> !
>> !
>> !
>> !
>> !
>> gatekeeper
>>  shutdown
>> !
>> !
>> line con 0
>>  transport preferred all
>>  transport output all
>>  stopbits 1
>> line aux 0
>>  transport preferred all
>>  transport output all
>>  stopbits 1
>> line vty 0 4
>>  password ***
>>  login
>>  transport preferred all
>>  transport input all
>>  transport output all
>> line vty 5 10
>>  password ***
>>  login
>>  transport preferred all
>>  transport input all
>>  transport output all
>> !
>> !
>> end
>>
>> I'm at a loss as to what to try next, so any pointers would be much
>> appreciated!
>>
>> Thanks
>>
>> Wayne
>>
>>
>>
>>
>>
>> ________________________________________________
>> Message sent using UebiMiau 2.7.9-pjm-patch
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba

More information about the cisco-bba mailing list