Ostatnio nabylismy cisco 7204VXR z dwoma portami fast ethernet oraz NPE-400 512 RAM-u
Mamy podpiete narazie jedno lacze 20 Mb/s wraz z BGP z pelna lista prefiksow.
Robie tez NAT na nim dla sieci. Wykorzystujemy raptem gdzies 10Mb/s.
Mam tam IOS c7200-jk9o3s-mz.123-24.bin i probowalem juz na przeroznych od najnowszych 12.4 (c7200-ik9s-mz.124-21.bin). System najbardziej stabilnie pracuje pod kontrola 12.3.24. Jak mialem 12.4 to mialem przerozne zwiechy systemu. Strasznie nie stabilnie pracowal.
Ogolnie moim problemem jest obciazenie procesora. Ktore wydaje mi sie zaduze do tego co robi ten ruter.
Np:
Kod: Zaznacz cały
CPU utilization for five seconds: 66%/60%; one minute: 62%; five minutes: 49%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
53 31471764 57189497 550 6.23% 8.68% 12.46% 0 IP Input
164 27507460 141505 194393 0.00% 2.57% 4.45% 0 BGP Scanner
6 4151144 215651 19249 0.00% 0.46% 0.68% 0 Check heaps
76 1408456 9733 144709 0.00% 0.15% 0.25% 0 IP Cache Ager
65 1329172 8773 151507 0.00% 0.12% 0.19% 0 IP Background
156 125976 246686 510 0.00% 0.03% 0.05% 0 IP SNMP
88 554956 1148055 483 0.15% 0.02% 0.00% 0 BGP Router
154 577204 7301846 79 0.00% 0.02% 0.03% 0 IP NAT Ager
Kombinowalem juz jak moglem. Mam ogolnie podstawa konfiguracje zadnych dziwnostek. Nie wiem czemu mi ten ruter tak zabija procka. W dokumentacji tego procesowa podobno moze nawet do 250 Mb/s pchnac. My niei generujemy na ten czas wiecej niz 10Mb/s. Oczywiscie dochodzi do tego NAT i BGP. ALe i tak 10 do 250 Mb/s to duza roznica. Ponizej to moj konfig
Kod: Zaznacz cały
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
no service dhcp
!
hostname gw
!
boot-start-marker
boot system flash c7200-jk9o3s-mz.123-24.bin
boot-end-marker
!
logging buffered 20000 debugging
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
ip subnet-zero
no ip source-route
no ip bootp server
ip cef
ip audit po max-events 100
ip ssh time-out 30
ip ssh authentication-retries 1
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 13
ip address (tutaj ipki polaczeniowe do operatora)
ip nat outside
!
interface FastEthernet0/0.2
description DSL
encapsulation dot1Q 11
ip address (lacze zapasowe)
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
description serwer
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.240
ip nat inside
!
interface FastEthernet0/1.2
drugi serwer
encapsulation dot1Q 50
ip address 10.1.1.2 255.255.255.252
ip nat inside
!
interface FastEthernet0/1.3
description trzeci
encapsulation dot1Q 4
ip address 172.16.2.17 255.255.255.240
ip nat inside
!
interface FastEthernet0/1.4
description link do operatora ktoremu sprzedajemy lacze
encapsulation dot1Q 3
ip address 172.16.255.1 255.255.255.248
ip nat inside
rate-limit input 4200000 787500 1575000 conform-action transmit exceed-action drop
rate-limit output 4200000 787500 1575000 conform-action transmit exceed-action drop
!
router bgp xxxxx
no synchronization
bgp router-id xxxx
bgp log-neighbor-changes
network xxxx mask xxx
network xxx mask xxxx
neighbor xxx remote-as 20804
no auto-summary
!
ip nat translation timeout 240
ip nat inside source list LAN-NAT interface FastEthernet0/0.1 overload
ip nat inside source static 172.16.2.2 xxxx
ip nat inside source static 172.16.255.2 xxxx
ip classless
ip route 0.0.0.0 0.0.0.0 xxxx
ip route xxx 255.255.254.0 172.16.255.2
ip route 172.16.1.0 255.255.255.0 10.1.1.1
ip route 172.16.10.0 255.255.255.0 10.1.1.1
ip route 172.16.10.14 255.255.255.255 172.16.2.18
ip route 172.16.20.0 255.255.255.0 10.1.1.1
ip route 172.16.30.0 255.255.255.0 10.1.1.1
ip route 172.17.0.0 255.255.0.0 10.1.1.1
ip route xxx 255.255.254.0 10.1.1.1
ip route xxxx 255.255.255.255 172.16.2.2
ip route xxxx 255.255.255.255 172.16.255.2
no ip http server
no ip http secure-server
!
!
!
ip access-list standard DSL-NET
permit xx 0.0.0.7
ip access-list standard LAN-NAT
permit 10.1.1.1
permit 172.16.1.10
permit 172.16.1.3
permit 172.16.10.0 0.0.0.255
permit 172.17.0.0 0.0.255.255
permit 172.16.20.0 0.0.0.255
permit 172.16.30.0 0.0.0.255
!
route-map test permit 10
!
snmp-server community xxx
snmp-server location xxx
snmp-server contact xxx
snmp-server chassis-id xxx
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
session-timeout 60
exec-timeout 50 0
Oto stat z NATowania
Kod: Zaznacz cały
Total active translations: 4650 (2 static, 4648 dynamic; 4648 extended)
Outside interfaces:
FastEthernet0/0.1
Inside interfaces:
FastEthernet0/1.1, FastEthernet0/1.2, FastEthernet0/1.3, FastEthernet0/1.4
Hits: 124374768 Misses: 3225538
Expired translations: 3234489
Dynamic mappings:
-- Inside Source
[Id: 1] access-list LAN-NAT interface FastEthernet0/0.1 refcount 6869
CEF mam wlaczony na wszystkich (dwoch) interfejsach.
A to historia obciazenia z rutera:
Kod: Zaznacz cały
3333333444443333333333222223333333333444446666688888333333
3322222111111111111111888880000088888000000000044444777770
100
90
80 *****
70 *****
60 **********
50 **********
40 ***** *************************
30 ************************************************************
20 ************************************************************
10 ************************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
1 1 1 1
8890998888888990999977889099899888877899809999998999899999
4970617548554360823234882071521987283295708529969995738999
100 *** *** ** ** *** *** *** **** *
90 ******* *** ******* ************ **********************
80 ******************** ************** **************#*###****
70 *********###******************#####**************########***
60 ******#######****************######************#############
50 ***############**********#############*#**##################
40 ################***#*#######################################
30 ############################################################
20 ############################################################
10 ############################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
1111111 1 1111111111111 1 11 1
0000000999989988909000000000000098887788889990900909999998777788799898
0000000742451336109000000000000059746862384370100507534102566301507747
100 ******** **************** ** ****** *
90 ************** ******************** * **************** *******
80 ************************************************************* **********
70 ************************************************************************
60 **#**#******************************************************************
50 #######*************#**#*#*#********************************************
40 #########**********#############***********#######*#********************
30 ###########*******###############*********#############*************#***
20 ####################################**####################*******#######
10 ########################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Czy ktos ma pomysl co jest przyczyna takiego obciazenia ? Mnie sie skonczyly pomysly.
EDIT: Do listingow konfiguracji, show, debug, etc uzywamy znacznikow
Kod: Zaznacz cały
Seba