Cisco 877 - I am guessing LAN throughput issue

[DJMK4]

Edit

 

[GhostlyPea]

Definitely odd. The switch in there should be capable of processing that sort of data fine (and does for me). providing the CRC errors aren't incrementing I wouldn't worry. What happens to other hosts connected to the router (like a laptop or PC), do they suffer too? You haven't tweaked the MTU on the hosts at all have you?

- GP

 

[DJMK4]

The CRC errors are incrementing, but not at a huge rate, so I am going to sort the cabling out, but given the rate is is incrementing, I wouldnt have thought it would be having that much of an impact on the bandwidth.

I havnt done a throughput test with another host hanging off the Cisco, I will have to either build another VM, or get down there with a laptop plugged in when I get a chance.

When I had the old netgear device where the Cisco is now, I was getting 65mb down / 17up out to the internet.



(ESXi host > Netgear > Tplink > ISP (WAN))

 

[GhostlyPea]

So the one Cisco has now replaced both previous items? First thing I'd do in this case is swap the cables, or atleast check them and try a laptop from behind it along with transferring a file through the switch (laptop to host maybe) to see what happens there.

- GP

 

[DJMK4]

So the one Cisco has now replaced both previous items? First thing I'd do in this case is swap the cables, or atleast check them and try a laptop from behind it along with transferring a file through the switch (laptop to host maybe) to see what happens there.

- GP

Nah,

Instead of


VMWare ESXi host----Netgear-----Ethernet link---------TPLink Router (LAN + Wifi)---WAN (FTTC)


I now have



VMWare ESXi host----Cisco 877-----Ethernet link---------TPLink Router (LAN + Wifi)---WAN (FTTC)


I will do some more testing and post outcomes when I am down there next.

 

[V-Spec]

The CRC errors are incrementing, but not at a huge rate, so I am going to sort the cabling out, but given the rate is is incrementing, I wouldnt have thought it would be having that much of an impact on the bandwidth.

I'd look at the incrementing CRC errors before anything else, even if they're only going up slowly - a small amount of packet-loss anywhere in the path is enough to make TCP ramp down and retransmit, and you'll struggle to get full speed.

You say you've checked speed and duplex everywhere? it *might* be a badly terminated cable (I have seen this before) but CRCs can occur with all manner of problems.

One thing i've noticed in the past with CRC errors - if you have a bad connection (like a badly terminated cable or broken fibre, or broken interface) the port can sometimes continue to increment CRC errors without any traffic at all (0 packets per second) whereas with duplex mismatches, you only tend to see CRC errors incrementing with traffic.

 

[DJMK4]

The speed and duplex settings have been harded on the cisco interfaces and on the vnics on the esxi host, going to replace all the cabling (I was going to put shorter cables in anyway), but its using the same cabling etc as the netgear was on, was literally just a straight swap so unless something has been damaged at the time I replaced the netgear for the Cisco, going to re-terminate the RJ45 socket which is the uplink to my TPLink.

But will give everything another once over.

 

[DJMK4]

Looking like the uplink cable on the cisco (FastEthernet0)

Just reset the counters, here are some shortened stats from the Cisco, I have logged on to a VM hanging off one of the interfaces.

You can see input and CRC errors (which increment only when I do something on the server (open a web browser and refresh page) bearing in mind I have an RDP session open to it at the moment.

------------


FastEthernet0 is up, line protocol is up
Hardware is Fast Ethernet, address is a0cf.5b26.a082 (bia a0cf.5b26.a082)
Description: $$$$$$------MANAGEMENT/WAN LINK------$$$$$$
Full-duplex, 100Mb/s
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
104 input errors, 104 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
4222 packets output, 3056256 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops



#show int fa2
FastEthernet2 is up, line protocol is up
Hardware is Fast Ethernet, address is a0cf.5b26.a084 (bia a0cf.5b26.a084)
Description: $$$$$$------MOR-SERV1------$$$$$$
Full-duplex, 100Mb/s
5 minute input rate 122000 bits/sec, 5 packets/sec
5 minute output rate 56000 bits/sec, 4 packets/sec
15572 packets input, 12974588 bytes, 0 no buffer
Received 285 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
14447 packets output, 7463834 bytes, 0 underruns




vmnics both set to 100mb full duplex hard set

 

[mad_allan]

What happens if you set it all to Auto neg?

 

[DJMK4]

Will have to test that possibly tomorrow as I am not about at the moment, although I cant really see it doing much better, iv checked all the way through but cant see any duplex mismatching going on.

Even logging on to the Windows server 2008 box and checking NIC settings 100mb full.

Will try it when I am around tomorrow

 

[DJMK4]

Done some testing there tonight, swapped the cables over, no difference, with the Cisco in place, I was still getting bandwidth issues around 2-3mb from my windows VM.

Everything set to 100mb full duplex hard coded

Swapped the cisco back out for the netgear, straight away my windows box getting 65mb down

Something on the Cisco is either not right, didnt have much time to play as I had to get back.

 

[mad_allan]

Post up the config

 

[Nymins]

Is there a particular need for the Cisco router? Does it provide functionality over the Netgear switch for your usage?

 

[DJMK4]

Here is the config I have, there is more stuff I am going to be doing with it, splitting VLANS, but primarily I wanted it as it holds more control over interfaces, management, VLAN configuration, and I want to see if I can get it working as a VPN gateway so I can move my VPN solution from being on one of the VM's, to the Cisco, as my main FTTC router there doesn't really have VPN capabilities

So it hopefully will eventually be terminating RAS VPN (client SSL) and at a later date an IPSec tunnel.

Also saves me putting in a switch, I do have a 2960 but don't really want to use it there for this plus it wouldn't give me the features I was testing

The only thing I havnt tried is swapping about the physical ports yesterday, and testing my laptop in the currently spare last port as I run out of time.

MOR-VPN#sh ru
Building configuration...

Current configuration : 3572 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MOR-VPN
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 ********
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2262815858
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2262815858
 revocation-check none
 rsakeypair TP-self-signed-2262815858
!
!
crypto pki certificate chain TP-self-signed-2262815858
 certificate self-signed 01
  3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32323632 38313538 3538301E 170D3032 30333031 30303230
  33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32363238
  31353835 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A3DF DB97F30C 50EDF1E9 307777E7 1339C82D C79C8A18 A791C6C4 AF4BBA53
  4040329F 82201AD7 6C011B7D F3212E13 6E37B348 AB6A168F 461746EF AE059BCC
  0A4D2A70 D9290AB3 03B350B3 A193D01E 8CE2748A 0B0B0316 A93E5A7E 8036BDF7
  A8CA069C 6A1278C6 E5FEB799 9BBAA72C 50E6ED72 3566040B 71352FC6 3D7E8E3F
  F6CF0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603
  551D1104 1A301882 164D4F52 2D56504E 2E646D6F 72616E64 612E636F 2E756B30
  1F060355 1D230418 30168014 3BD06F90 0E17E66F 90D61728 EC3A722A A118B6B8
  301D0603 551D0E04 1604143B D06F900E 17E66F90 D61728EC 3A722AA1 18B6B830
  0D06092A 864886F7 0D010104 05000381 81008DF6 2FC97D4A A9F0473D CEB911D8
  1FBACA19 05898B5A F58E7A78 74498DC4 1A025E49 06E7B7E4 DD106B0E 0AEE56DA
  F40CA1C5 EFC377E4 9F755956 A0C98013 1D8421D2 9D9C474A DBD611AE C3C17CD4
  FDCB5469 D379903A 24EFC5F8 C97CF5AB 26DA2C86 26CE83D1 8E10BB13 1AA2D4A1
  29F8140F 6F84EA11 94BB1FE5 3B5C26A7 A5E1
        quit
dot11 syslog
ip cef
!
!
!
!
no ip domain lookup
ip domain name dmoranda.co.uk
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
username ****** privilege 15 secret 5 *******
username ******* privilege 15 secret 5 ******
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
 description $$$$$$------MANAGEMENT/WAN LINK------$$$$$$
 switchport access vlan 20
 duplex full
 speed 100
!
interface FastEthernet1
 description $$$$$$------WAKEONLAN VLAN20------$$$$$$
 switchport access vlan 20
 duplex full
 speed 100
!
interface FastEthernet2
 description $$$$$$------MOR-SERV1------$$$$$$
 switchport access vlan 20
 duplex full
 speed 100
!
interface FastEthernet3
 switchport access vlan 20
 shutdown
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 description $$$$$$------MANAGEMENT VLAN20------$$$$$$
 ip address 192.168.0.2 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 192.168.0.0 0.0.0.7
no cdp run
!
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh
!
scheduler max-task-time 5000
end

MOR-VPN#

 

[wildest_jjk]

I'm just trying to get up to speed with this thread. If you're VM network configuration is set up properly and based on your running config I would say it is the hardware performance.

The problem with these home/small business routers is there performance is never that great when it comes to switching.

Take a look at this:

http://www.dslreports.com/faq/13434

More specifically the router performance PDF. I had to look into switching performance with some fellow Cisco engineers when I got my 1921.

 

[DJMK4]

Strange how the upload bandwidth from the VM can reach 11mb though, and the download just 2-3mb.

Even though its not maxing out my upload of 17mb :/

Its hard to believe the LAN throughput cant cope here, should be getting more than 2-3mb through its LAN ports

 

[wildest_jjk]

That speed is probably across the fabric, have you tried it with only a single port up?

 

[DJMK4]

That speed is probably across the fabric, have you tried it with only a single port up?

Not really, not something I can do, would need atleast 2 ports in an up state, the port to WAN router, and a port for a PC.

Not something I could test remotely anyway.

 

[wildest_jjk]

Ok well that's all I can suggest to be honest based off of my experience and what you have said. Hopefully you can sort it out though and its not something as bad as a hardware limitation

EDIT: Ok I'm picking up things I didn't read before, let me read through again actually and try to understand fully.

 

[DJMK4]

Found the issue

For some reason it doesnt like FastEthernet0 being hardcoded to 100mb full duplex, this interface is the link to my other router which is the TPLink (which handles the FTTC connection).

Set this to auto, and left the rest of the cisco interfaces hard coded to 100mb full duplex

Speed from my VM now getting my normal bandwidth out to the internet, 65mb down and 17mb up

No more CRC errors on that, not sure why it didnt like being hard coded