forum.opennet.ru

Составление сообщения

Исходное сообщение

"Cisco 2811 загружена на 99%"
Отправлено Khazad, 15-Мрт-11 01:47

> !!! clear counters по всем
сделал
> 1. Загрузка по прерываниям 85%, причин может быть несколько:
> - большое количество пакетов
> - отключен или неправильно настроен cef
> - большое кол-во arp-запросов
> Покажите sh ip int и sh adj.
cisco-nn-analitik-center#sh ip int
FastEthernet0/0 is up, line protocol is up
  Internet address is 89.xx.xx.xx/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is BlockFromInternet
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
FastEthernet0/0.2 is deleted, line protocol is down
  Internet protocol processing disabled
FastEthernet0/1 is up, line protocol is up
  Internet address is 192.168.3.254/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Secondary address 192.168.104.254/24
  Secondary address 192.168.103.254/24
  Secondary address 192.168.101.254/24
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow cache, CEF, Subint Flow
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
NVI0 is up, line protocol is up
  Interface is unnumbered. Using address of NVI0 (0.0.0.0)
  Broadcast address is 255.255.255.255
  MTU is 1514 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
Virtual-Access1 is down, line protocol is down
  Internet protocol processing disabled
Virtual-Access2 is up, line protocol is up
  Internet protocol processing disabled
Virtual-Access3 is down, line protocol is down
  Broadcast address is 255.255.255.255
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
Loopback1 is up, line protocol is up
  Internet protocol processing disabled
Tunnel1 is up, line protocol is up
  Interface is unnumbered. Using address of FastEthernet0/1 (192.168.3.254)
  Broadcast address is 255.255.255.255
  MTU is 1400 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
Tunnel100 is up, line protocol is up
  Internet address is 10.xx.xx.xx/30
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1400 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

cisco-n-a-c# sh adj
Protocol Interface                 Address
IP       FastEthernet0/1           192.168.3.107(5)
IP       FastEthernet0/1           192.168.3.105(5)
IP       FastEthernet0/0           89.xx.xx.xx(476)
IP       Tunnel1                   point2point(869351)
IP       FastEthernet0/0           89.xx.xx.xx(5)
IP       FastEthernet0/1           192.168.3.100(5)
IP       Tunnel100                 point2point(4)
IP       FastEthernet0/0           88.xx.xx.xx(3) (incomplete)
IP       FastEthernet0/1           192.168.3.67(5)
IP       FastEthernet0/1           192.168.3.86(5)
IP       FastEthernet0/1           192.168.3.49(5)
IP       FastEthernet0/1           192.168.3.53(5)
IP       FastEthernet0/1           192.168.3.11(5)
IP       FastEthernet0/1           192.168.3.10(5)
IP       FastEthernet0/1           192.168.3.9(5)
IP       FastEthernet0/1           192.168.3.15(5)
IP       FastEthernet0/1           192.168.3.13(5)
IP       FastEthernet0/1           192.168.3.12(5)
IP       FastEthernet0/1           192.168.3.2(5)
IP       FastEthernet0/1           192.168.3.1(5)
IP       FastEthernet0/1           192.168.3.6(5)
IP       FastEthernet0/1           192.168.3.5(5)
IP       FastEthernet0/1           192.168.3.27(5)
IP       FastEthernet0/1           192.168.3.25(5)
IP       FastEthernet0/1           192.168.3.29(5)
IP       FastEthernet0/0           192.168.2.22(5)
IP       FastEthernet0/1           192.168.3.22(5)
IP       FastEthernet0/1           192.168.3.251(9)
IP       FastEthernet0/1           192.168.3.252(5)
IP       FastEthernet0/1           192.168.3.244(5)
IP       FastEthernet0/0           192.11.13.5(5)
> 2. AIM-VPN у вас на борту, видимо, нет, соответственно, шифрованием туннелей у
> вас занимается исключительно процессор. Варианты: упрощать механизмы шифрования.
а как ?
> 3. clear ip traffic и через некоторое время опять sh ip traffic
> | i fra
> как быстро увеличивается счетчик? Возможно, ввиду неверно настроенных туннелей процессор
> занимается еще и сборкой фрагментированных пакетов.
А не увеличивается он. Как сбросил, так до сих пор:
cisco-n-a-c#sh ip traffic | include fra
         0 fragmented, 0 fragments, 0 couldn't fragment

> 4. Оч.много дропов на WAN fa0/0. Сделайте на интерфейсе load-interval 30, потом
> раз в минуту см.sh int fa0/0; интересует динамика input rate/output rate.
> Накопите 7-8 мин и еще раз покажите сюда.
Не то чтобы прям раз в минуту, но как то так, интервалы в 1-5 минут:
cisco-n-a-c#show interfaces fa0/0
30 second input rate 652000 bits/sec, 330 packets/sec
30 second output rate 669000 bits/sec, 326 packets/sec
    129 unknown protocol drops

30 second input rate 525000 bits/sec, 279 packets/sec
30 second output rate 549000 bits/sec, 277 packets/sec
     135 unknown protocol drops
30 second input rate 568000 bits/sec, 268 packets/sec
30 second output rate 905000 bits/sec, 281 packets/sec
     140 unknown protocol drops

30 second input rate 481000 bits/sec, 247 packets/sec
30 second output rate 485000 bits/sec, 239 packets/sec
     150 unknown protocol drops
30 second input rate 774000 bits/sec, 372 packets/sec
30 second output rate 776000 bits/sec, 369 packets/sec
     160 unknown protocol drops
30 second input rate 473000 bits/sec, 236 packets/sec
30 second output rate 477000 bits/sec, 232 packets/sec
        169 unknown protocol drops
30 second input rate 494000 bits/sec, 254 packets/sec
30 second output rate 499000 bits/sec, 252 packets/sec
     182 unknown protocol drops
30 second input rate 489000 bits/sec, 247 packets/sec
  30 second output rate 488000 bits/sec, 242 packets/sec
     197 unknown protocol drops
30 second input rate 499000 bits/sec, 259 packets/sec
  30 second output rate 525000 bits/sec, 257 packets/sec
     211 unknown protocol drops
> Вообще, заявленная пропуская способность 2811 - ~61mbps, но из опыта, это значение
> рекордное и зависит от живущего трафика. Возможно, вы просто уперлись в её пределы.
Ночью с циской все хорошо, наверное надо все это днем проделать.

Исходное сообщение
"Cisco 2811 загружена на 99%" Отправлено Khazad, 15-Мрт-11 01:47
> !!! clear counters по всем сделал > 1. Загрузка по прерываниям 85%, причин может быть несколько: > - большое количество пакетов > - отключен или неправильно настроен cef > - большое кол-во arp-запросов > Покажите sh ip int и sh adj. cisco-nn-analitik-center#sh ip int FastEthernet0/0 is up, line protocol is up Internet address is 89.xx.xx.xx/27 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is BlockFromInternet Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is enabled, interface in domain outside BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled FastEthernet0/0.2 is deleted, line protocol is down Internet protocol processing disabled FastEthernet0/1 is up, line protocol is up Internet address is 192.168.3.254/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Secondary address 192.168.104.254/24 Secondary address 192.168.103.254/24 Secondary address 192.168.101.254/24 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is enabled IP CEF switching is enabled IP CEF Flow Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, Flow cache, CEF, Subint Flow Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is enabled, interface in domain inside BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled NVI0 is up, line protocol is up Interface is unnumbered. Using address of NVI0 (0.0.0.0) Broadcast address is 255.255.255.255 MTU is 1514 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is disabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is disabled IP Null turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled Virtual-Access1 is down, line protocol is down Internet protocol processing disabled Virtual-Access2 is up, line protocol is up Internet protocol processing disabled Virtual-Access3 is down, line protocol is down Broadcast address is 255.255.255.255 MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled Loopback1 is up, line protocol is up Internet protocol processing disabled Tunnel1 is up, line protocol is up Interface is unnumbered. Using address of FastEthernet0/1 (192.168.3.254) Broadcast address is 255.255.255.255 MTU is 1400 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled Tunnel100 is up, line protocol is up Internet address is 10.xx.xx.xx/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1400 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled cisco-n-a-c# sh adj Protocol Interface Address IP FastEthernet0/1 192.168.3.107(5) IP FastEthernet0/1 192.168.3.105(5) IP FastEthernet0/0 89.xx.xx.xx(476) IP Tunnel1 point2point(869351) IP FastEthernet0/0 89.xx.xx.xx(5) IP FastEthernet0/1 192.168.3.100(5) IP Tunnel100 point2point(4) IP FastEthernet0/0 88.xx.xx.xx(3) (incomplete) IP FastEthernet0/1 192.168.3.67(5) IP FastEthernet0/1 192.168.3.86(5) IP FastEthernet0/1 192.168.3.49(5) IP FastEthernet0/1 192.168.3.53(5) IP FastEthernet0/1 192.168.3.11(5) IP FastEthernet0/1 192.168.3.10(5) IP FastEthernet0/1 192.168.3.9(5) IP FastEthernet0/1 192.168.3.15(5) IP FastEthernet0/1 192.168.3.13(5) IP FastEthernet0/1 192.168.3.12(5) IP FastEthernet0/1 192.168.3.2(5) IP FastEthernet0/1 192.168.3.1(5) IP FastEthernet0/1 192.168.3.6(5) IP FastEthernet0/1 192.168.3.5(5) IP FastEthernet0/1 192.168.3.27(5) IP FastEthernet0/1 192.168.3.25(5) IP FastEthernet0/1 192.168.3.29(5) IP FastEthernet0/0 192.168.2.22(5) IP FastEthernet0/1 192.168.3.22(5) IP FastEthernet0/1 192.168.3.251(9) IP FastEthernet0/1 192.168.3.252(5) IP FastEthernet0/1 192.168.3.244(5) IP FastEthernet0/0 192.11.13.5(5) > 2. AIM-VPN у вас на борту, видимо, нет, соответственно, шифрованием туннелей у > вас занимается исключительно процессор. Варианты: упрощать механизмы шифрования. а как ? > 3. clear ip traffic и через некоторое время опять sh ip traffic > \| i fra > как быстро увеличивается счетчик? Возможно, ввиду неверно настроенных туннелей процессор > занимается еще и сборкой фрагментированных пакетов. А не увеличивается он. Как сбросил, так до сих пор: cisco-n-a-c#sh ip traffic \| include fra 0 fragmented, 0 fragments, 0 couldn't fragment > 4. Оч.много дропов на WAN fa0/0. Сделайте на интерфейсе load-interval 30, потом > раз в минуту см.sh int fa0/0; интересует динамика input rate/output rate. > Накопите 7-8 мин и еще раз покажите сюда. Не то чтобы прям раз в минуту, но как то так, интервалы в 1-5 минут: cisco-n-a-c#show interfaces fa0/0 30 second input rate 652000 bits/sec, 330 packets/sec 30 second output rate 669000 bits/sec, 326 packets/sec 129 unknown protocol drops 30 second input rate 525000 bits/sec, 279 packets/sec 30 second output rate 549000 bits/sec, 277 packets/sec 135 unknown protocol drops 30 second input rate 568000 bits/sec, 268 packets/sec 30 second output rate 905000 bits/sec, 281 packets/sec 140 unknown protocol drops 30 second input rate 481000 bits/sec, 247 packets/sec 30 second output rate 485000 bits/sec, 239 packets/sec 150 unknown protocol drops 30 second input rate 774000 bits/sec, 372 packets/sec 30 second output rate 776000 bits/sec, 369 packets/sec 160 unknown protocol drops 30 second input rate 473000 bits/sec, 236 packets/sec 30 second output rate 477000 bits/sec, 232 packets/sec 169 unknown protocol drops 30 second input rate 494000 bits/sec, 254 packets/sec 30 second output rate 499000 bits/sec, 252 packets/sec 182 unknown protocol drops 30 second input rate 489000 bits/sec, 247 packets/sec 30 second output rate 488000 bits/sec, 242 packets/sec 197 unknown protocol drops 30 second input rate 499000 bits/sec, 259 packets/sec 30 second output rate 525000 bits/sec, 257 packets/sec 211 unknown protocol drops > Вообще, заявленная пропуская способность 2811 - ~61mbps, но из опыта, это значение > рекордное и зависит от живущего трафика. Возможно, вы просто уперлись в её пределы. Ночью с циской все хорошо, наверное надо все это днем проделать.

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, [email protected] (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>> !!! clear counters по всем > сделал >> 1. Загрузка по прерываниям 85%, причин может быть несколько: >> - большое количество пакетов >> - отключен или неправильно настроен cef >> - большое кол-во arp-запросов >> Покажите sh ip int и sh adj. > cisco-nn-analitik-center#sh ip int > FastEthernet0/0 is up, line protocol is up > Internet address is 89.xx.xx.xx/27 > Broadcast address is 255.255.255.255 > Address determined by setup command > MTU is 1500 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is BlockFromInternet > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is enabled > IP fast switching on the same interface is disabled > IP Flow switching is disabled > IP CEF switching is enabled > IP CEF Feature Fast switching turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, CEF > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is enabled, interface in domain outside > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > FastEthernet0/0.2 is deleted, line protocol is down > Internet protocol processing disabled > FastEthernet0/1 is up, line protocol is up > Internet address is 192.168.3.254/24 > Broadcast address is 255.255.255.255 > Address determined by non-volatile memory > MTU is 1500 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Secondary address 192.168.104.254/24 > Secondary address 192.168.103.254/24 > Secondary address 192.168.101.254/24 > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is enabled > IP fast switching on the same interface is disabled > IP Flow switching is enabled > IP CEF switching is enabled > IP CEF Flow Fast switching turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, Flow cache, CEF, Subint Flow > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is enabled, interface in domain inside > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > NVI0 is up, line protocol is up > Interface is unnumbered. Using address of NVI0 (0.0.0.0) > Broadcast address is 255.255.255.255 > MTU is 1514 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is disabled > IP fast switching on the same interface is disabled > IP Flow switching is disabled > IP CEF switching is disabled > IP Null turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, CEF > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is disabled > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > Virtual-Access1 is down, line protocol is down > Internet protocol processing disabled > Virtual-Access2 is up, line protocol is up > Internet protocol processing disabled > Virtual-Access3 is down, line protocol is down > Broadcast address is 255.255.255.255 > MTU is 1500 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is enabled > IP fast switching on the same interface is enabled > IP Flow switching is disabled > IP CEF switching is enabled > IP CEF Feature Fast switching turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, CEF > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is disabled > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > Loopback1 is up, line protocol is up > Internet protocol processing disabled > Tunnel1 is up, line protocol is up > Interface is unnumbered. Using address of FastEthernet0/1 (192.168.3.254) > Broadcast address is 255.255.255.255 > MTU is 1400 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is enabled > IP fast switching on the same interface is disabled > IP Flow switching is disabled > IP CEF switching is enabled > IP CEF Feature Fast switching turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, CEF > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is disabled > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > Tunnel100 is up, line protocol is up > Internet address is 10.xx.xx.xx/30 > Broadcast address is 255.255.255.255 > Address determined by setup command > MTU is 1400 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > ICMP redirects are always sent > ICMP unreachables are always sent > ICMP mask replies are never sent > IP fast switching is enabled > IP fast switching on the same interface is disabled > IP Flow switching is disabled > IP CEF switching is enabled > IP CEF Feature Fast switching turbo vector > IP multicast fast switching is enabled > IP multicast distributed fast switching is disabled > IP route-cache flags are Fast, CEF > Router Discovery is disabled > IP output packet accounting is disabled > IP access violation accounting is disabled > TCP/IP header compression is disabled > RTP/IP header compression is disabled > Policy routing is disabled > Network address translation is disabled > BGP Policy Mapping is disabled > WCCP Redirect outbound is disabled > WCCP Redirect inbound is disabled > WCCP Redirect exclude is disabled > cisco-n-a-c# sh adj > Protocol Interface > Address > IP FastEthernet0/1 > 192.168.3.107(5) > IP FastEthernet0/1 > 192.168.3.105(5) > IP FastEthernet0/0 > 89.xx.xx.xx(476) > IP Tunnel1 > > point2point(869351) > IP FastEthernet0/0 > 89.xx.xx.xx(5) > IP FastEthernet0/1 > 192.168.3.100(5) > IP Tunnel100 > > point2point(4) > IP FastEthernet0/0 > 88.xx.xx.xx(3) (incomplete) > IP FastEthernet0/1 > 192.168.3.67(5) > IP FastEthernet0/1 > 192.168.3.86(5) > IP FastEthernet0/1 > 192.168.3.49(5) > IP FastEthernet0/1 > 192.168.3.53(5) > IP FastEthernet0/1 > 192.168.3.11(5) > IP FastEthernet0/1 > 192.168.3.10(5) > IP FastEthernet0/1 > 192.168.3.9(5) > IP FastEthernet0/1 > 192.168.3.15(5) > IP FastEthernet0/1 > 192.168.3.13(5) > IP FastEthernet0/1 > 192.168.3.12(5) > IP FastEthernet0/1 > 192.168.3.2(5) > IP FastEthernet0/1 > 192.168.3.1(5) > IP FastEthernet0/1 > 192.168.3.6(5) > IP FastEthernet0/1 > 192.168.3.5(5) > IP FastEthernet0/1 > 192.168.3.27(5) > IP FastEthernet0/1 > 192.168.3.25(5) > IP FastEthernet0/1 > 192.168.3.29(5) > IP FastEthernet0/0 > 192.168.2.22(5) > IP FastEthernet0/1 > 192.168.3.22(5) > IP FastEthernet0/1 > 192.168.3.251(9) > IP FastEthernet0/1 > 192.168.3.252(5) > IP FastEthernet0/1 > 192.168.3.244(5) > IP FastEthernet0/0 > 192.11.13.5(5) >> 2. AIM-VPN у вас на борту, видимо, нет, соответственно, шифрованием туннелей у >> вас занимается исключительно процессор. Варианты: упрощать механизмы шифрования. > а как ? >> 3. clear ip traffic и через некоторое время опять sh ip traffic >> \| i fra >> как быстро увеличивается счетчик? Возможно, ввиду неверно настроенных туннелей процессор >> занимается еще и сборкой фрагментированных пакетов. > А не увеличивается он. Как сбросил, так до сих пор: > cisco-n-a-c#sh ip traffic \| include fra > 0 fragmented, 0 > fragments, 0 couldn't fragment >> 4. Оч.много дропов на WAN fa0/0. Сделайте на интерфейсе load-interval 30, потом >> раз в минуту см.sh int fa0/0; интересует динамика input rate/output rate. >> Накопите 7-8 мин и еще раз покажите сюда. > Не то чтобы прям раз в минуту, но как то так, интервалы > в 1-5 минут: > cisco-n-a-c#show interfaces fa0/0 > 30 second input rate 652000 bits/sec, 330 packets/sec > 30 second output rate 669000 bits/sec, 326 packets/sec > 129 unknown protocol drops > 30 second input rate 525000 bits/sec, 279 packets/sec > 30 second output rate 549000 bits/sec, 277 packets/sec > 135 unknown protocol drops > 30 second input rate 568000 bits/sec, 268 packets/sec > 30 second output rate 905000 bits/sec, 281 packets/sec > 140 unknown protocol drops > 30 second input rate 481000 bits/sec, 247 packets/sec > 30 second output rate 485000 bits/sec, 239 packets/sec > 150 unknown protocol drops > 30 second input rate 774000 bits/sec, 372 packets/sec > 30 second output rate 776000 bits/sec, 369 packets/sec > 160 unknown protocol drops > 30 second input rate 473000 bits/sec, 236 packets/sec > 30 second output rate 477000 bits/sec, 232 packets/sec > 169 unknown protocol drops > 30 second input rate 494000 bits/sec, 254 packets/sec > 30 second output rate 499000 bits/sec, 252 packets/sec > 182 unknown protocol drops > 30 second input rate 489000 bits/sec, 247 packets/sec > 30 second output rate 488000 bits/sec, 242 packets/sec > 197 unknown protocol drops > 30 second input rate 499000 bits/sec, 259 packets/sec > 30 second output rate 525000 bits/sec, 257 packets/sec > 211 unknown protocol drops >> Вообще, заявленная пропуская способность 2811 - ~61mbps, но из опыта, это значение >> рекордное и зависит от живущего трафика. Возможно, вы просто уперлись в её пределы. > Ночью с циской все хорошо, наверное надо все это днем проделать.
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру