slow performance

dnt123

Hi everyone,

I just bought a new cisco 1841 security bundle router with 2 fast ethernet ports. I was running on a 1721 router before this and I find that my network performance and connectivity to the internet has noticably slowed down. I checked speakeasy for my bandwidth performance and the specs are where it should be. Any Ideas what might be causing this slow down? I am currently using RIP routing version 2 , my interfaces are set to duplex auto and speed auto and I'm connected to a cable modem connection. Any advise would be much appreciated.

Thanks!

phantasm

If this is connected to your Cable Modem, and is the only router, I don't think you need RIP configured. You should just be using PAT, and configure a default route. That would be where I would start.

dnt123

I am using nat/pat ie: "ip nat inside source list 101 interface f0/0 overload" and a default route. So could their be any othe reason why this is happening? maybe ACL's?

phantasm

Can you post a sh run of your config?

mikej412

What traffic is slower? All traffic? Internal traffic? Internet Traffic?

What do your interface statistics show?

What does your arp table show?

dnt123

It looks like internet and e-mailing.

dnt123

here is my show run

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname abc
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$v1e
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
ip domain name abc.local
!
!
!
crypto pki trustpoint TP-self-signed-9
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-9
revocation-check none
rsakeypair TP-self-signed-9
!
!
crypto pki certificate chain TP-self-signed-
certificate self-signed 01
308
quit
username jaguar privilege 15 secret 5 $1
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_WAN$$FW_OUTSIDE$
ip address 24.79.10.194 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 24.0.0.0
network 192.168.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.2 80 24.79.10.194 80 extendable
!
access-list 1 remark INSIDE_IF=FastEthernet0/1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 24.79.10.192 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host 24.79.10.194 eq www
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any host 24.79.10.194 echo-reply
access-list 101 permit icmp any host 24.79.10.194 time-exceeded
access-list 101 permit icmp any host 24.79.10.194 unreachable
access-list 101 permit udp any any eq rip
access-list 101 permit ip any host 224.0.0.9
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
end

dnt123

here are my statistics

cvd: 29762029 total, 165271 local destination
0 format errors, 0 checksum errors, 0 bad hop count
0 unknown protocol, 0 not a gateway
0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
0 other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented, 0 fragments, 0 couldn't fragment
Bcast: 114233 received, 0 sent
Mcast: 12921 received, 22326 sent
Sent: 90102 generated, 15179402 forwarded
Drop: 200395 encapsulation failed, 0 unresolved, 0 no adjacency
1023 no route, 0 unicast RPF, 0 forced drop
0 options denied
Drop: 0 packets with source IP address zero
Drop: 0 packets with internal loop back IP address

ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 6 unreachable
15 echo, 16 echo reply, 0 mask requests, 0 mask replies, 0 quench
--More--
ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 6 unreachable
15 echo, 16 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 4 redirects, 4562 unreachable, 15 echo, 15 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements

TCP statistics:
Rcvd: 37935 total, 0 checksum errors, 4852 no port
Sent: 63574 total

IP-EIGRP statistics:
Rcvd: 0 total
Sent: 32 total

PIMv2 statistics: Sent/Received
Total: 0/0, 0 checksum errors, 0 format errors
Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0
Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
State-Refresh: 0/0

IGMP statistics: Sent/Received
Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
DVMRP: 0/0, PIM: 0/0
Queue drops: 0

UDP statistics:
Rcvd: 127337 total, 0 checksum errors, 125677 no port
Sent: 22230 total, 0 forwarded broadcasts

OSPF statistics:
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks

Sent: 66 total
66 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks

ARP statistics:
Rcvd: 238435 requests, 154249 replies, 0 reverse, 0 other
Sent: 154499 requests, 95625 replies (6 proxy), 0 reverse
--More--

mikej412

dnt123 wrote:

Drop: 200395 encapsulation failed, 0 unresolved, 0 no adjacency

Which interface is this?

Arp table?

dnt123

I'm not sure which interface it's comming from. but here are my interface statistics and a snippet of my arp table

FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 001e.f707.5f68 (bia 001e.f707.5f6
Description: $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_WAN$$FW_OUTSIDE$
Internet address is 24.79.10.194/29
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/3/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 317000 bits/sec, 60 packets/sec
5 minute output rate 126000 bits/sec, 57 packets/sec
8218226 packets input, 919909778 bytes
Received 6502 broadcasts, 0 runts, 0 giants, 0 throttles
5 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
7737515 packets output, 1749476756 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out


FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 001e.f707.5f69 (bia 001e.f707.5f69)
Description: $ES_LAN$$FW_INSIDE$
Internet address is 192.168.0.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/302071/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 131000 bits/sec, 58 packets/sec
5 minute output rate 349000 bits/sec, 59 packets/sec
8353670 packets input, 1816653038 bytes
Received 593068 broadcasts, 0 runts, 0 giants, 0 throttles
9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
8221350 packets output, 916626803 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
NVI0 is up, line protocol is up
Hardware is NVI
MTU 1514 bytes, BW 10000000 Kbit, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation UNKNOWN, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out

ARP Table

Internet 80.223.97.238 233 001d.e5c8.084b ARPA FastEthernet0/0
Internet 89.106.112.67 237 001d.e5c8.084b ARPA FastEthernet0/0
Internet 24.6.28.2 10 001d.e5c8.084b ARPA FastEthernet0/0
Internet 208.109.138.55 23 001d.e5c8.084b ARPA FastEthernet0/0
Internet 87.17.171.237 147 001d.e5c8.084b ARPA FastEthernet0/0
Internet 81.180.167.66 12 001d.e5c8.084b ARPA FastEthernet0/0
Internet 154.15.247.98 89 001d.e5c8.084b ARPA FastEthernet0/0
Internet 12.130.135.9 62 001d.e5c8.084b ARPA FastEthernet0/0
Internet 216.35.107.144 42 001d.e5c8.084b ARPA FastEthernet0/0
Internet 67.19.210.130 56 001d.e5c8.084b ARPA FastEthernet0/0

dtlokee

Your problem is the "ip route 0.0.0.0 0.0.0.0 FastEthernet0/0". If you are going to rely on an exit interface that is multiaccess it will need proxy arp for all remot hosts = BAD. You should either hard code the IP address (you have) and put the "ip route 0.0.0.0 0.0.0.0 <default gw IP address>" command or use "ip address dhcp" on the outside interface if it's supported and let the dhcp server assign the default route

dnt123

Setting it to a hard coded default route did the trick. Thanks a million dtlokee!!!

dtlokee

The reason Mike was asking for the arp table is because it shows the problem. Normally all arp entries should be on a directly connected subnet but in this case you have a bunch of entries for remote subnets with the same mac address. This is due to proxy arp on the next hop router responding to your router's arp request for the mac address of the destination with it's own mac address. This is a bad situation because of the speed issues but also it will require an arp entry on your router for every single remote ip address you are connecting to.

dnt123

Your absolutely right, I'm looking at my arp table and it makes sense. Thanks for the info, I learned something today.