[nsp] Cat6509 MSFC1 interface stats.
James Kilton
kilton9 at yahoo.com
Wed Dec 18 18:45:29 EST 2002
Yes, [NETWORK] -> MSFC -> FIREWALL is an accurate
representation. The MSFC's run HSRP such that all
VLANs on MSFC-1 are active and those on MSFC-2 are in
standby. Current output from VLAN101 on the standby
MSFC is:
#sh int vlan101
Vlan101 is up, line protocol is up
Hardware is Cat6k RP Virtual Ethernet, address is
0030.7b92.c464 (bia 0030.7b92.c464)
Internet address is x.x.x.x/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes);
Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10256140 packets input, 576287603 bytes, 0 no
buffer
Received 10255977 broadcasts, 0 runts, 0 giants,
0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0
ignored
4291987 packets output, 403447553 bytes, 0
underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers
swapped out
Same situation with input packets... Guess it has to
be HSRP.
The segment consists soley of the two VLAN101
interfaces and the firewall. This is why I'm at a
loss with this -- there's nowhere for the traffic to
go other than through VLAN101. ;-)
I'll check the bug toolkit and see if there's anything
counter related in there for my IOS version. I've
seen some threads here about inaccurate counters but
they seemed to mostly be for very new IOS versions,
and I was hoping my issue would be more easily fixable
relative to upgrading to a different version of IOS
and crossing my fingers. Oh well. ;-)
Thanks for the assistance.
--- "Todd, Douglas M." <DTODD@PARTNERS.ORG> wrote:
> Jim:
>
> There are a few possibilities -
>
> If you have dual routers running hsrp you could have
> asymetric routing. In one
> router, out the other.
> Possible code problem. There have been issues w/code
> and counters not
> representing the correct information.
> I doubt there is a configuration problem on the
> segment but it would be worth a
> look. Is it possible that you are
> getting ip redirects or a router on a stick senerio?
>
> I would put a sniffer on the wire and see if you can
> gather any information on
> the traffic condition. I am
> assuming that your setup is this:
>
> [NETWORK] -> MSFC -> FIREWALL
> and not:
> [NETWORK] -> MSFC1 -> FIREWALL
> [NETWORK] -> MSFC2 -> FIREWALL
>
> ==DMT>
>
> -----Original Message-----
> From: James Kilton [mailto:kilton9@yahoo.com]
> Sent: Tuesday, December 17, 2002 9:19 PM
> To: Todd, Douglas M.; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] Cat6509 MSFC1 interface stats.
>
>
> I see the counters, but they don't all represent
> reality. In the example given below, the majority
> of
> the traffic should be inbound, but the opposite is
> true when looking at VLAN 101's counters:
>
> #sh int vlan101
> Vlan101 is up, line protocol is up
> Hardware is Cat6k RP Virtual Ethernet, address is
> 0030.9633.1ca4 (bia 0030.9633.1ca4)
> Internet address is x.x.x.x/29
> MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
> reliability 255/255, txload 1/255, rxload 1/255
> Encapsulation ARPA, loopback not set
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input 00:00:00, output never, output hang
> never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/6 (size/max/drops/flushes);
> Total output drops: 0
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 5 minute input rate 0 bits/sec, 0 packets/sec
> 5 minute output rate 7000 bits/sec, 8 packets/sec
> 10713367 packets input, 697925445 bytes, 0 no
> buffer
> Received 10178576 broadcasts, 0 runts, 0
> giants,0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0
> ignored
> 263725465 packets output, 4248369389 bytes, 0
> underruns
> 0 output errors, 1 interface resets
> 0 output buffer failures, 0 output buffers
> swapped out
>
> Note how much higher the output counters are, and
> that
> almost all input packets are broadcasts (which makes
> even less sense because there shouldn't be any
> broadcasts on that segment, unless these are HSRP
> packets (the switch has dual MSFCs).
>
> The firewall is indeed using the switch as the next
> hop towards the internal network.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jim:
>
> sh int vlan101 should give you in/out counters no
> matter.. If you are not seeing any information then
> there is something wrong w/where you are looking. Is
> the fw using that address as a next-hop?
>
> ==DMT>
>
> - ----SIGNAURE-------
> Douglas M. Todd, Jr.
> Network Engineering
> Partners Health Care
> Building 149
> 149 13 Street
> Charlestown, MA 02129-200
> Tel: 617.726.1403
> Email: dtodd@partners.org
> -
>
--------------------------------------------------------------------
> PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC E7A6
> E90A
> 9BE5 C7B6 47BC Key available via email. Verisign
> S/N:
> 3ff65cdf58b9dceda004baeed49e16cf
>
https://digitalid.verisign.com/services/client/index.html
>
> > -----Original Message-----
> > From: cisco-nsp-bounces@puck.nether.net
> > [mailto:cisco-nsp-bounces@puck.nether.net]On
> Behalf
> Of James Kilton
> > Sent: Monday, December 16, 2002 9:01 PM
> > To: cisco-nsp@puck.nether.net
> > Subject: [nsp] Cat6509 MSFC1 interface stats.
> >
> >
> > I'm trying to collect traffic statistics for some
> VLAN interfaces on a
> > C6509. A lot of the numbers I'm getting seem to
> be
> inaccurate. For
> > example, there's one interface (VLAN 101) that
> only
> has a firewall
> > connected to it -- it's the corporate firewall
> that
> > all employee internet traffic goes though. When a
> do
> > a 'show int vlan 101', there's a good deal of
> output
> > traffic, but virtually no input traffic. This is
> > counter-intuitive, as most internet traffic should
> be
> > inbound.
> >
> > Is there anything that could cause these counters
> to
> > be inaccurate, other than a buggy IOS release?
> I'm
> > using CEF on the MSFC, not MLS, so I'm at a loss
> here.
> >
> > Thanks.
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> > http://mailplus.yahoo.com
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0
>
>
iQA/AwUBPf+RBQgiZycqTvq3EQKN3ACfTbcVA9zKbC3EmUweTHy3bHmj5RQAoL4D
> jAXkz3sSSNpyNJOC3UM78IG7
> =9dmh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
More information about the cisco-nsp
mailing list