[nsp] Cat6509 MSFC1 interface stats.

Todd, Douglas M. DTODD at PARTNERS.ORG
Wed Dec 18 08:55:50 EST 2002


Jim:

There are a few possibilities -

If you have dual routers running HSRP you could have asymmetric routing. In one
router, out the other.
Possible code problem. There have been issues w/code and counters not
representing the correct information.
I doubt there is a configuration problem on the segment but it would be worth a
look. Is it possible that you are getting ip redirects or a router on a stick
scenario?

I would put a sniffer on the wire and see if you can gather any information on
the traffic condition.  I am assuming that your setup is this:

[NETWORK] -> MSFC -> FIREWALL
and not:
[NETWORK] -> MSFC1 -> FIREWALL
[NETWORK] -> MSFC2 -> FIREWALL

==DMT>

-----Original Message-----
From: James Kilton [mailto:kilton9@yahoo.com]
Sent: Tuesday, December 17, 2002 9:19 PM
To: Todd, Douglas M.; cisco-nsp@puck.nether.net
Subject: RE: [nsp] Cat6509 MSFC1 interface stats.


I see the counters, but they don't all represent
reality.  In the example given below, the majority of
the traffic should be inbound, but the opposite is
true when looking at VLAN 101's counters:

#sh int vlan101
Vlan101 is up, line protocol is up 
  Hardware is Cat6k RP Virtual Ethernet, address is 0030.9633.1ca4 (bia 0030.9633.1ca4)
  Internet address is x.x.x.x/29
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/6 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 7000 bits/sec, 8 packets/sec
     10713367 packets input, 697925445 bytes, 0 no buffer
     Received 10178576 broadcasts, 0 runts, 0 giants,0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     263725465 packets output, 4248369389 bytes, 0 underruns
     0 output errors, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out

Note how much higher the output counters are, and that
almost all input packets are broadcasts (which makes
even less sense because there shouldn't be any
broadcasts on that segment, unless these are HSRP
packets -- the switch has dual MSFCs).

The firewall is indeed using the switch as the next
hop towards the internal network.  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim:

sh int vlan101 should give you in/out counters no
matter.. If you are not seeing any information then
there is something wrong w/where you are looking. Is
the fw using that address as a next-hop?

==DMT>

- ----SIGNATURE-------
Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A
9BE5 C7B6 47BC Key available via email. Verisign S/N:
3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html

> -----Original Message-----
> From: cisco-nsp-bounces@puck.nether.net
> [mailto:cisco-nsp-bounces@puck.nether.net]On Behalf Of James Kilton
> Sent: Monday, December 16, 2002 9:01 PM
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] Cat6509 MSFC1 interface stats.
>
>
> I'm trying to collect traffic statistics for some VLAN interfaces on a
> C6509.  A lot of the numbers I'm getting seem to be inaccurate.  For
> example, there's one interface (VLAN 101) that only has a firewall
> connected to it -- it's the corporate firewall that
> all employee internet traffic goes through.  When I do
> a 'show int vlan 101', there's a good deal of output
> traffic, but virtually no input traffic. This is
> counter-intuitive, as most internet traffic should be
> inbound.
>
> Is there anything that could cause these counters to
> be inaccurate, other than a buggy IOS release?  I'm
> using CEF on the MSFC, not MLS, so I'm at a loss here.
>
> Thanks.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPf+RBQgiZycqTvq3EQKN3ACfTbcVA9zKbC3EmUweTHy3bHmj5RQAoL4D
jAXkz3sSSNpyNJOC3UM78IG7
=9dmh
-----END PGP SIGNATURE-----
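
A sanity check on the counters quoted in this thread, as an added example that is not part of any poster's message: it parses the counter lines of `show interface` output and flags a direction whose average packet size is below a minimum Ethernet frame, plus a high broadcast share of input. The function names and the 60-byte and 50% thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample: the three counter lines from the "sh int vlan101" output in the thread.
SAMPLE = """\
     10713367 packets input, 697925445 bytes, 0 no buffer
     Received 10178576 broadcasts, 0 runts, 0 giants,0 throttles
     263725465 packets output, 4248369389 bytes, 0 underruns
"""

MIN_FRAME = 60         # assumption: 64-byte Ethernet minimum minus the 4-byte FCS
MAX_BCAST_SHARE = 0.5  # assumption: illustrative threshold, tune per segment

def parse_counters(text):
    """Pull packet, byte and broadcast totals out of 'show interface' text."""
    counters = {}
    for direction in ("input", "output"):
        m = re.search(rf"(\d+) packets {direction}, (\d+) bytes", text)
        if m:
            counters[direction] = {"packets": int(m.group(1)), "bytes": int(m.group(2))}
    m = re.search(r"Received (\d+) broadcasts", text)
    if m:
        counters["broadcasts"] = int(m.group(1))
    return counters

def sanity_check(counters):
    """Return (code, value) findings for counters that cannot describe real traffic."""
    findings = []
    for direction in ("input", "output"):
        c = counters.get(direction)
        if not c or c["packets"] == 0:
            continue  # nothing counted, so no average to judge
        avg = c["bytes"] / c["packets"]
        if avg < MIN_FRAME:
            findings.append((f"{direction}_avg_size_too_small", round(avg, 1)))
    inp = counters.get("input")
    if inp and inp["packets"] and "broadcasts" in counters:
        share = counters["broadcasts"] / inp["packets"]
        if share > MAX_BCAST_SHARE:
            findings.append(("input_mostly_broadcast", round(share, 3)))
    return findings

if __name__ == "__main__":
    for code, value in sanity_check(parse_counters(SAMPLE)):
        print(code, value)
```

On the thread's numbers the output direction averages about 16 bytes per packet, smaller than any Ethernet frame, so the output byte and packet totals cannot both be right.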
