2811 - Interface input errors and unknown protocol drops

ConstantlyLearningConstantlyLearning Member Posts: 445
Hi all,

An issue was raised that more interface errors than normal were being picked up by monitoring. Counters hadn't been cleared for 42 weeks & 4days.
This interface is the default gateway for a 400 user LAN, there are also nightly backups run from this network which enter the interface. (fa0/1)

It's a 100Mb interface.

Here's the result of a show interface:

FastEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0026.99d0.2e09 (bia 0026.99d0.2e09)
Internet address is 192.168.2.46/16
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 3000 usec,
reliability 255/255, txload 3/255, rxload 9/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 42w4d
Input queue: 0/75/63480/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3920000 bits/sec, 702 packets/sec
30 second output rate 1495000 bits/sec, 580 packets/sec
483160360 packets input, 580603775 bytes
Received 164592900 broadcasts, 128 runts, 0 giants, 42357 throttles
4957386 input errors, 1692 CRC, 7 frame, 0 overrun, 4955559 ignored
0 watchdog
0 input packets with dribble condition detected
1912373289 packets output, 3915123811 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
13566288 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

I cleared the counters for the interface. Here's the result of a show interface 2 days after clearing the counters:

FastEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0026.99d0.2e09 (bia 0026.99d0.2e09)
Internet address is 192.168.2.46/16
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 3000 usec,
reliability 255/255, txload 71/255, rxload 7/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 2d00h
Input queue: 0/75/206/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 2780000 bits/sec, 1918 packets/sec
30 second output rate 28047000 bits/sec, 2916 packets/sec
475677291 packets input, 450090857 bytes
Received 1503213 broadcasts, 0 runts, 0 giants, 6 throttles
428 input errors, 0 CRC, 0 frame, 0 overrun, 428 ignored
0 watchdog
0 input packets with dribble condition detected
577929717 packets output, 1781882222 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
125908 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out


The input rate can reach up to 90Mb/s during the backups. My thoughts are that the interface errors, throttles and input queue drops are caused by the high data rate during backups and therefore not something to really be worried about.
The users on the LAN havn't been experiencing any issues with traffic that traverses this router.
From reading around online, the drops can be caused by congestion, which is what makes me think they're caused by the high data rate during backups.

Do these errors and drops look normal?

I think the unknown protocol drops are caused by the BPDU's and DTP from the connected switch interface. From reading around online this seems to usually be caused by CDP/STP/DTP or hardware issue like cabling or interface.

Any thoughts would be great.

Thanks.
"There are 3 types of people in this world, those who can count and those who can't"

Comments

  • ConstantlyLearningConstantlyLearning Member Posts: 445
    Some calculations from the first show interface below:

    Input queue drops: 0.013% of all input packets
    Input errors: 1% of all input packets

    Doesn't seem that bad.
    "There are 3 types of people in this world, those who can count and those who can't"
  • vinbuckvinbuck Member Posts: 785 ■■■■□□□□□□
    Few things here..

    1) Do you have CEF switching enabled on your router?
    2) The 2811 is only capable of L3 switching 61.44 Mbps of traffic using CEF (not process switched - 61.44Mbps = 120,000 packets per second)
    3) Compare the rates of traffic between Fa0/1 and the interface on the 2811 the traffic is going to...see if there is a big disparity (i.e 20 Mbps of traffic coming in one interface should roughly equal 20 Mbps of traffic on the interface it is destined for - this is assuming the traffic isn't getting switched to multiple destination interfaces)
    4) For the unknown protocol drops - what kind of equipment is Fa0/1 connected to and does it support CDP? if CDP isn't enabled on Fa0/1, it will see a CDP request as an unknown protocol and drop it.


    If you are throwing 90Mbps of peak traffic at your router, then it's likely that the input errors are due to the input queue becoming overwhelmed on the Fa0/1 int when you are experiencing a high rate of traffic. Understanding what the router will throughput is critical to understanding performance issues on your network. You can either try to limit the bandwidth at the source of the backups, or use something like the rate-limit command on the interface to settle things down.

    Check out the 2811 performance specs here

    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • tierstentiersten Member Posts: 4,505
    I agree with MississippiGuardsman. The errors are probably because it is overloaded and dropping packets on the floor. Its not really "normal" though and you should really consider getting a better router and running some tests on the cable just in case there is a fault somewhere.

    The values quoted in the performance datasheet are worse case numbers where each packet is only 64 bytes and you don't have any features enabled at all like ACLs or IPS. The 2800 doesn't have any hardware acceleration for features at all unlike the bigger routers like the ASRs. You'll be able to push more than 61.44Mbps through it if your packet size is greater.
  • ConstantlyLearningConstantlyLearning Member Posts: 445
    Few things here..

    1) Do you have CEF switching enabled on your router?

    2) The 2811 is only capable of L3 switching 61.44 Mbps of traffic using CEF (not process switched - 61.44Mbps = 120,000 packets per second)

    3) Compare the rates of traffic between Fa0/1 and the interface on the 2811 the traffic is going to...see if there is a big disparity (i.e 20 Mbps of traffic coming in one interface should roughly equal 20 Mbps of traffic on the interface it is destined for - this is assuming the traffic isn't getting switched to multiple destination interfaces)

    4) For the unknown protocol drops - what kind of equipment is Fa0/1 connected to and does it support CDP? if CDP isn't enabled on Fa0/1, it will see a CDP request as an unknown protocol and drop it.

    If you are throwing 90Mbps of peak traffic at your router, then it's likely that the input errors are due to the input queue becoming overwhelmed on the Fa0/1 int when you are experiencing a high rate of traffic. Understanding what the router will throughput is critical to understanding performance issues on your network. You can either try to limit the bandwidth at the source of the backups, or use something like the rate-limit command on the interface to settle things down.

    Check out the 2811 performance specs here

    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

    1) Yes, CEF is enabled.

    2) My understanding was that 61.44Mb/s would be hardware switched and the remaining would be done using the CPU. There are no other services such as ACL's or non default QOS. I didn't think this would effect throughput, just make the CPU usage increase a bit?

    3) Yeah the data rates pretty much match between the ingress and egress interfaces.

    4) It's connected to a 3560. CDP is enabled on both sides but I can see that BPDU's and DTP frames are being sent out the switch interface. The 2 second interval for the BPDU's and 30 second interval for DTP seems to match the rate at which the unknown protocol drops are happening.


    Cheers, I'll have to read up on the rate-limit feature. I wonder would this just limit the throughput and not have an effect on the queue getting maxed and erros occurring.
    "There are 3 types of people in this world, those who can count and those who can't"
  • ConstantlyLearningConstantlyLearning Member Posts: 445
    tiersten wrote: »
    I agree with MississippiGuardsman. The errors are probably because it is overloaded and dropping packets on the floor. Its not really "normal" though and you should really consider getting a better router and running some tests on the cable just in case there is a fault somewhere.

    The values quoted in the performance datasheet are worse case numbers where each packet is only 64 bytes and you don't have any features enabled at all like ACLs or IPS. The 2800 doesn't have any hardware acceleration for features at all unlike the bigger routers like the ASRs. You'll be able to push more than 61.44Mbps through it if your packet size is greater.

    Yeah, might be worth testing the cables. Might also be worth changing the speed and duplex settings on each end to auto. Currently hard set to 100/full.

    Cheers.
    "There are 3 types of people in this world, those who can count and those who can't"
Sign In or Register to comment.