[afnog] PLZ GURUs help me here
Yasini Kilima
ykilima at tra.go.tz
Wed Oct 12 12:36:52 UTC 2011
To be honest, my network architecture on the backbone is poor.
My HQ LAN is on a single, large subnet as well as segment for both HQ users and all business servers, except the DMZ servers that I deployed after introducing an ASA 5500 series firewall, which I found lying in the store after joining the office.
I wanted to implement VLAN technology and isolate all business servers on their own VLAN, but the resources are not yet available. I even wanted to use routers for segmentation, only to get extra interface cards, but those also are not yet obtained. Now I am forced to accept the situation and try to live with it and love it.
The router which is misbehaving is a Cisco 2821. Also on the subnet there are about 6 subnets all on one broadcast domain, of which 3 I am sure are full, that is, at least 700 user systems served by DHCP. There are also more than 50 servers on that same domain, not to mention VPN users who also connect to the same segment remotely. The router is the main gateway router, so I cannot be surprised to learn of its failure, as I know it is on a drill. The traffic you see is the inside traffic from the backbone segment where the servers are located.
Is there anything I can do with available resources to relieve my pressure, as users on remote sites are the ones who suffer? The bandwidth upgrade on the main pipe has not solved anything, and I knew it could not, as the problem is internal; I just could not interfere with other people who decided to solve the problem by increasing bandwidth.
Now please if you have an idea using my available resources please.
-----Original Message-----
From: Bernard Wanyama [mailto:bwanyama at syntechug.com]
Sent: Wednesday, October 12, 2011 2:32 PM
To: Yasini Kilima
Cc: afnog at afnog.org
Subject: Re: [afnog] PLZ GURUs help me here
Hi Yasini,
If I am seeing correctly, your router RTR-02 is doing 20Mbps and has a lot
of packet drops on the input queue on interface Gi0/0 - a sign of stress!
What router model is it? What are the traffic levels on the other
interfaces? Sustaining 20Mbps can be quite a challenge......
Secondly, what kind of routing exists between branch routers, RTR-01,
RTR-02, core switches and server?
Kind regards,
Bernard
On 12 October 2011 12:10, Yasini Kilima <ykilima at tra.go.tz> wrote:
> Hello Gurus,
>
> I have a problem on my network where access to my internal servers is very
> slow.
>
> A ping to different hops along the WAN links is fine <less than 100ms>.
> That is, I can reach my HQ router on its WAN interface at this latency, which
> is O.k to me.
>
> But when I try to reach my servers (all of them) on the same link they
> reply with more than 700ms. I logged in on one of the servers remotely and
> tried to ping the inside interface of the HQ router; the reply was 1ms.
>
> Now I am about going crazy because I thought perhaps there is a broadcast
> on my internal LAN but it seems not.
>
> I ran the command 'show int summ' on my HQ gateway router and got the
> below output RTR-02. I tried on another router and got as shown below. This
> reveals a problem or correct me if am wrong but am not able to exactly know
> what the problem might be. However my router runs at less than 20% CPU Usage
> and memory is fine. I can confess that my LAN is very huge on a single
> broadcast domain and we are planning to segment it; the problem is management
> approval.
>
> Now with this output can you please help me to translate the problem from
> the show int sum output? I am stuck.
>
> RTR-02#show int summ
>
>  *: interface is up
>  IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
>  OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
>  RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
>  TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
>  TRTL: throttle count
>
>   Interface               IHQ     IQD  OHQ  OQD      RXBS  RXPS      TXBS  TXPS TRTL
> ------------------------------------------------------------------------
> * GigabitEthernet0/0        0 1423963    0    0  20659000  5709  20531000  5668    3
> 16885
> * GigabitEthernet0/1        0       0    0   74    934000   308    955000   286    0
> * GigabitEthernet0/1.8      -       -    -    -         -     -         -     -    -
> * GigabitEthernet0/1.67     -       -    -    -         -     -         -     -    -
> NOTE:No separate counters are maintained for subinterfaces
> Hence Details of subinterface are not shown
>
> RTR-01 #show int summ
>
>  *: interface is up
>  IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
>  OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
>  RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
>  TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
>  TRTL: throttle count
>
>   Interface               IHQ     IQD  OHQ  OQD      RXBS  RXPS      TXBS  TXPS TRTL
> ------------------------------------------------------------------------
> * GigabitEthernet0/0        0       0    0    0   2071000  1056   7235000  1194    0
> * GigabitEthernet0/0.2685   -       -    -    -         -     -         -     -    -
> * GigabitEthernet0/1        0       1    0    0   6947000  1235   1766000  1075    1
> NOTE:No separate counters are maintained for subinterfaces
> Hence Details of subinterface are not shown
> RTR-01#
>
> Yasini Kilima | Communication Engineer | Direct Line: +255 22 2119640 |
> Fax Line: | Office: 6th Floor, Mapato House | Mobile: +255 715 123754 |
> Website: http://www.tra.go.tz
>
> DISCLAIMER: This e-mail and any attachments are proprietary to TANZANIA
> REVENUE AUTHORITY. Any unauthorized use or interception is illegal. The views
> and opinions expressed are those of the sender, unless clearly stated as
> being those of TANZANIA REVENUE AUTHORITY. This e-mail is only addressed to
> the addressee and TANZANIA REVENUE AUTHORITY shall not be responsible for
> any further publication of the contents of this e-mail. If this e-mail is
> not addressed to you, you may not copy, print, distribute or disclose the
> contents to anyone nor act on its contents. If you received this in error,
> please inform the sender and delete this e-mail from your computer.
>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
--
Bernard Wanyama
Technical Manager
SYNTECH ASSOCIATES Ltd
Cell: +256 712 193979
Fixed: +256 414 251591
Web: www.syntechug.com
Email: bwanyama at syntechug.com