IvanI Posted May 31, 2007 (edited)

A 3660 with 3 interfaces, 40 shapers + 40 rate limits on 2 interfaces. Under a load of 8 Mbit, 2 Kpps inbound and 2 Mbit, 2 Kpps outbound, the load jumps up to 100%. Most of the limits are 5 Mbit, with 2 big ones at 25 and 50 Mbit.

access-list 135 permit ip any host а.а.а.а
access-list 2035 permit ip host а.а.а.а any
class-map out3_135
 match access-group 135
 exit
policy-map out3
 class out3_135
  shape average 5120000
  exit
 exit
class-map in3_2035
 match access-group 2035
 exit
policy-map in3
 class in3_2035
  police 5120000 conform-action transmit exceed-action drop
  exit
 exit
exit

cef:
IP CEF switching enabled
IP CEF Flow Fast switching turbo vector

if:
ip route-cache flow
speed 100
full-duplex
no cdp enable
service-policy input in3
service-policy output out3
5 minute input rate 8209000 bits/sec, 2270 packets/sec
5 minute output rate 2096000 bits/sec, 2071 packets/sec

cpu:
11111
9999977733888889997333000007333777779932222233333777777666
8888855599333338888777000007555999999238888899999666668222
100 ***** *** ***** *
90 ***** *** ***** **
80 ******** ********* ****** ******* ******
70 ******** ********* ****** ******* ****** **
60 ******** ********* ****** ******* ***********
50 ******** ********* ****** ******* ***********
40 ************************************** ****************
30 ************************************************************
20 ************************************************************
10 ************************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)

ver:
Cisco IOS Software, 3600 Software (C3660-I-M), Version 12.4(8), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 16:51 by prod_rel_team
ROM: System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
GW uptime is 28 minutes
System returned to ROM by reload at 09:48:16 UTC Thu May 31 2007
System restarted at 09:49:00 UTC Thu May 31 2007
System image file is "flash:c3660-i-mz.124-8.bin"
Cisco 3660 (R527x) processor (revision 1.0) with 223232K/38912K bytes of memory.
Processor board ID JAB0445C05L
R527x CPU at 225MHz, Implementation 40, Rev 10.0, 2048KB L2 Cache
3660 Chassis type: ENTERPRISE
3 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of NVRAM.
16384K bytes of processor board System flash (Read/Write)

Maybe I'm asking too much of it? Or is there a mistake in the config?

Edited May 31, 2007 by IvanI

UglyAdmin Posted May 31, 2007

And what is loading it?
sh proc cpu sort

IvanI (Author) Posted May 31, 2007 (edited)

20 4 92 43 0.00% 0.00% 0.00% 0 Environmental mo
62 4 52 76 0.00% 0.00% 0.00% 0 IP RIB Update
11 220 2397 91 0.00% 0.00% 0.00% 0 IPC Deferred Por
87 400 2666 150 0.00% 0.00% 0.00% 0 IP VFR proc
55 68 397 171 0.00% 0.00% 0.00% 0 TCP Timer
35 464 2388 194 0.00% 0.00% 0.00% 0 TTY Background
74 28 111 252 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
8 12 46 260 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
28 796 2453 324 0.00% 0.00% 0.00% 0 GraphIt
10 908 2397 378 0.00% 0.00% 0.00% 0 IPC Periodic Tim
85 36 94 382 0.00% 0.00% 0.00% 0 CEF Scanner
96 1408 3666 384 0.00% 0.00% 0.00% 0 NAT MIB Helper
44 36 92 391 0.00% 0.00% 0.00% 0 Call Management
68 1872 4566 409 0.00% 0.01% 0.00% 0 IP NAT Ager
23 140 265 528 0.00% 0.00% 0.00% 0 HC Counter Timer
92 212 389 544 0.08% 0.00% 0.00% 0 PDU DISPATCHER
34 8 13 615 0.00% 0.00% 0.00% 0 Logger
41 3100 4090 757 0.00% 0.00% 0.00% 0 Net Input
56 4 5 800 0.00% 0.00% 0.00% 0 TCP Protocols
91 672 778 863 0.16% 0.02% 0.00% 0 IP SNMP
64 3276 3538 925 0.00% 0.01% 0.00% 0 CEF process
58 12 11 1090 0.00% 0.00% 0.00% 0 HTTP CORE
25 4 3 1333 0.00% 0.00% 0.00% 0 Entity MIB API
42 784 536 1462 0.00% 0.00% 0.00% 0 Compute load avg
5 40 25 1600 0.00% 0.00% 0.00% 0 Pool Manager
97 5040 2532 1990 0.00% 0.00% 0.00% 0 NTP
1 16 8 2000 0.00% 0.00% 0.00% 0 Chunk Manager
93 820 390 2102 0.16% 0.02% 0.00% 0 SNMP ENGINE
83 16 7 2285 0.00% 0.00% 0.00% 0 Syslog
2 1612 533 3024 0.00% 0.00% 0.00% 0 Load Meter
61 320 83 3855 0.00% 0.00% 0.00% 0 IP Background
32 2244 468 4794 0.00% 0.00% 0.00% 0 Net Background
69 304 46 6608 0.00% 0.00% 0.00% 0 IP Cache Ager
63 516 48 10750 0.00% 0.00% 0.00% 0 Adj Manager
43 1716 51 33647 0.00% 0.00% 0.00% 0 Per-minute Jobs
21 296 134 2208 0.00% 0.06% 0.01% 226 Virtual Exec
4 9752 349 27942 0.00% 0.04% 0.02% 0 Check heaps
22 13676 8701 1571 0.00% 0.05% 0.05% 0 ARP Input
89 14124 16827 839 0.08% 0.07% 0.10% 0 traffic_shape
36 51580 2511 20541 0.24% 0.22% 0.23% 0 Per-Second Jobs
49 215880 39445 5472 0.49% 0.70% 0.67% 0 IP Input

Edited May 31, 2007 by IvanI

UglyAdmin Posted May 31, 2007

Sorted in reverse, is it? The more interesting part there is the 1st line, where

CPU utilization for five seconds: 14%/13%; one minute: 15%; five minutes: 15%

14%/13% means a load of 14%, of which 13% is taken up by interrupts. A difference of 1-2 percent is normal. But if the spread there is 10-15 percent, then some process is loading it. Shaping, for example, or EXEC :)

IvanI (Author) Posted May 31, 2007

CPU utilization for five seconds: 51%/50%; one minute: 48%; five minutes: 47%

at

5 minute input rate 1779000 bits/sec, 1090 packets/sec
5 minute output rate 9331000 bits/sec, 1297 packets/sec

IvanI (Author) Posted June 1, 2007

The stated figures are 12,000 pps Process Switching, 100-120,000 pps Fast/CEF Switching.

SergeiK Posted June 1, 2007

Those figures are for a "spherical horse in a vacuum". But in your case the system is most likely busy with traffic. What is going on on the other interfaces, in packets? You can look at the sh int switching command to see whether too much traffic is going through the processor.

IvanI (Author) Posted June 1, 2007

FastEthernet0/0
  Throttle count 0
  Drops RP 44 SP 0
  SPD Flushes Fast 0 SSE 0
  SPD Aggress Fast 0
  SPD Priority Inputs 21318 Drops 0

  Protocol IP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                11427     1007069       52177    43352963
    Cache misses           11905           -           -           -
    Fast                20280000  3440687771    22723670  1337714006
    Auton/SSE                  0           0           0           0

  Protocol ARP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                21317     1279020        2765      165900
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

  Protocol Other
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                 1757      129990        1730      103800
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

NOTE: all counts are cumulative and reset only after a reload.

FastEthernet1/0
  Throttle count 0
  Drops RP 1547 SP 0
  SPD Flushes Fast 0 SSE 0
  SPD Aggress Fast 0
  SPD Priority Inputs 40655 Drops 0

  Protocol IP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process               171876    48599617      172527    15194582
    Cache misses            5914           -           -           -
    Fast                23967631  2115267123    20772041  3595161892
    Auton/SSE                  0           0           0           0

  Protocol ARP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                40655     2441972          50        3000
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

  Protocol Other
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                80538     4841564        1730      103800
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

NOTE: all counts are cumulative and reset only after a reload.

FastEthernet1/1
  Throttle count 0
  Drops RP 4636 SP 0
  SPD Flushes Fast 0 SSE 0
  SPD Aggress Fast 0
  SPD Priority Inputs 8346 Drops 0

  Protocol IP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process               209026    18178477      194078    72940699
    Cache misses           47891           -           -           -
    Fast                  553751   224512937      520222   252074987
    Auton/SSE                  0           0           0           0

  Protocol ARP
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                 8346      502876         726       43560
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

  Protocol Other
    Switching path       Pkts In    Chars In    Pkts Out   Chars Out
    Process                    0           0        1730      103800
    Cache misses               0           -           -           -
    Fast                       0           0           0           0
    Auton/SSE                  0           0           0           0

NOTE: all counts are cumulative and reset only after a reload.

NVI0
  All statistics for this interface are zero.

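Added example, not part of the thread: a Python script that applies the two checks discussed above (the total/interrupt split in the `CPU utilization` line, and how much IP traffic takes the process path in `sh int switching`) to the output posted in the thread. The function names, the 10-point gap (taken from the "10-15 percent" remark) and the 5% flagging threshold are assumptions of this example; the sample input is the thread's own IP counters with line breaks restored.

```python
import re

# Sample input: counters copied from the "sh int switching" output posted in
# the thread (line breaks restored, most non-IP rows trimmed).
SWITCHING_OUTPUT = """\
FastEthernet0/0
 Protocol IP
  Switching path Pkts In Chars In Pkts Out Chars Out
  Process 11427 1007069 52177 43352963
  Cache misses 11905 - - -
  Fast 20280000 3440687771 22723670 1337714006
  Auton/SSE 0 0 0 0
 Protocol ARP
  Process 21317 1279020 2765 165900
  Fast 0 0 0 0
FastEthernet1/0
 Protocol IP
  Process 171876 48599617 172527 15194582
  Cache misses 5914 - - -
  Fast 23967631 2115267123 20772041 3595161892
  Auton/SSE 0 0 0 0
FastEthernet1/1
 Protocol IP
  Process 209026 18178477 194078 72940699
  Cache misses 47891 - - -
  Fast 553751 224512937 520222 252074987
  Auton/SSE 0 0 0 0
NVI0
 All statistics for this interface are zero.
"""
CPU_LINE = ("CPU utilization for five seconds: 51%/50%; "
            "one minute: 48%; five minutes: 47%")

IFACE_RE = re.compile(r"^([A-Za-z-]+\d+(?:/\d+)*(?:\.\d+)?)\s*$")
PROTO_RE = re.compile(r"^\s*Protocol\s+(\S+)")
ROW_RE = re.compile(
    r"^\s*(Process|Fast|Auton/SSE)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
CPU_RE = re.compile(r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%")


def parse_switching(text):
    """Return {interface: {switching path: packets in}} for protocol IP."""
    stats, iface, proto = {}, None, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:                       # unindented interface name starts a block
            iface, proto = m.group(1), None
            stats[iface] = {}
            continue
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and iface and proto == "IP":
            stats[iface][m.group(1)] = int(m.group(2))
    return stats


def process_share(stats):
    """Fraction of inbound IP packets that were process-switched."""
    shares = {}
    for iface, paths in stats.items():
        total = sum(paths.values())
        if total:                   # skips interfaces with all-zero counters
            shares[iface] = paths.get("Process", 0) / total
    return shares


def flag_interfaces(shares, threshold=0.05):
    """Interfaces whose process-switched share exceeds the (assumed) threshold."""
    return sorted(i for i, s in shares.items() if s > threshold)


def cpu_split(line):
    """Return (total %, interrupt %, process-level %) for the 5-second figure."""
    m = CPU_RE.search(line)
    if not m:
        raise ValueError("no 'CPU utilization' line found")
    total, interrupt = int(m.group(1)), int(m.group(2))
    return total, interrupt, total - interrupt


def process_level_suspect(line, gap=10):
    """True when total and interrupt CPU differ by at least `gap` points."""
    return cpu_split(line)[2] >= gap


if __name__ == "__main__":
    total, interrupt, proc = cpu_split(CPU_LINE)
    print(f"CPU {total}%: interrupt {interrupt}%, processes {proc}%")
    shares = process_share(parse_switching(SWITCHING_OUTPUT))
    for iface, share in shares.items():
        print(f"{iface}: {share:.2%} of inbound IP packets process-switched")
    print("above threshold:", flag_interfaces(shares))
```

On the thread's counters the 51%/50% line comes out as interrupt-level load, and FastEthernet1/1 shows roughly 27% of inbound IP packets on the process path against under 1% on the other two interfaces; the counters are cumulative since reload, as the output itself notes.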
IvanI (Author) Posted June 9, 2007

Maybe someone can still suggest where to dig??

Nailer Posted June 9, 2007

> Maybe someone can still suggest where to dig??

Show sh run.

IvanI (Author) Posted June 9, 2007 (edited)

Current configuration : 18046 bytes
!
! Last configuration change at 11:35:03 UTC Mon Jun 4 2007 by ivan
! NVRAM config last updated at 12:43:32 UTC Mon Jun 4 2007 by ivan
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname GW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$bg
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
!
!
ip cef
ip domain name a.b
ip name-server 172.17.20.11
ip name-server 172.17.20.8
!
!
!
username 1111 privilege 15 password 7 094E4F
username 2222 password 7 132
username 3333 privilege 15 password 7 08781E
!
!
class-map match-all out3_2010
 match access-group 2010
class-map match-all out2_2009
 match access-group 2009
class-map match-all out3_112
 match access-group 112
class-map match-all out3_121
 match access-group 121
class-map match-all out3_130
 match access-group 130
class-map match-all out2_146
 match access-group 146
class-map match-all out3_113
 match access-group 113
class-map match-all out3_120
 match access-group 120
class-map match-all out2_147
 match access-group 147
class-map match-all out3_123
 match access-group 123
class-map match-all out3_132
 match access-group 132
class-map match-all out2_144
 match access-group 144
class-map match-all out3_111
 match access-group 111
class-map match-all out3_122
 match access-group 122
class-map match-all out3_133
 match access-group 133
class-map match-all out2_145
 match access-group 145
class-map match-all out3_116
 match access-group 116
class-map match-all out3_125
 match access-group 125
class-map match-all out3_134
 match access-group 134
class-map match-all out3_117
 match access-group 117
class-map match-all out3_124
 match access-group 124
class-map match-all out3_135
 match access-group 135
class-map match-all out2_143
 match access-group 143
class-map match-all out2_152
 match access-group 152
class-map match-all out3_114
 match access-group 114
class-map match-all out3_127
 match access-group 127
class-map match-all out3_136
 match access-group 136
class-map match-all out2_151
 match access-group 151
class-map match-all out3_115
 match access-group 115
class-map match-all out3_126
 match access-group 126
class-map match-all out3_137
 match access-group 137
class-map match-all out3_140
 match access-group 140
class-map match-all out2_150
 match access-group 150
class-map match-all out3_129
 match access-group 129
class-map match-all out3_138
 match access-group 138
class-map match-all out3_139
 match access-group 139
class-map match-all out3_118
 match access-group 118
class-map match-all out3_119
 match access-group 119
class-map match-all out2_148
 match access-group 148
class-map match-all out2_149
 match access-group 149
class-map match-all in2_109
 match access-group 109
class-map match-all in3_110
 match access-group 110
class-map match-all in3_2018
 match access-group 2018
class-map match-all in3_2019
 match access-group 2019
class-map match-all in3_2029
 match access-group 2029
class-map match-all in3_2038
 match access-group 2038
class-map match-all in3_2039
 match access-group 2039
class-map match-all in2_2048
 match access-group 2048
class-map match-all in2_2049
 match access-group 2049
class-map match-all in3_2023
 match access-group 2023
class-map match-all in3_2032
 match access-group 2032
class-map match-all in2_2044
 match access-group 2044
class-map match-all in3_2011
 match access-group 2011
class-map match-all in3_2022
 match access-group 2022
class-map match-all in3_2033
 match access-group 2033
class-map match-all in2_2045
 match access-group 2045
class-map match-all in3_2012
 match access-group 2012
class-map match-all in3_2021
 match access-group 2021
class-map match-all in3_2030
 match access-group 2030
class-map match-all in2_2046
 match access-group 2046
class-map match-all in3_2013
 match access-group 2013
class-map match-all in3_2020
 match access-group 2020
class-map match-all in2_2047
 match access-group 2047
class-map match-all in3_2014
 match access-group 2014
class-map match-all in3_2027
 match access-group 2027
class-map match-all in3_2036
 match access-group 2036
class-map match-all in2_2051
 match access-group 2051
class-map match-all in3_2015
 match access-group 2015
class-map match-all in3_2026
 match access-group 2026
class-map match-all in3_2037
 match access-group 2037
class-map match-all in3_2040
 match access-group 2040
class-map match-all in2_2050
 match access-group 2050
class-map match-all in3_2016
 match access-group 2016
class-map match-all in3_2025
 match access-group 2025
class-map match-all in3_2034
 match access-group 2034
class-map match-all in3_2017
 match access-group 2017
class-map match-all in3_2024
 match access-group 2024
class-map match-all in3_2035
 match access-group 2035
class-map match-all in2_2043
 match access-group 2043
class-map match-all in2_2052
 match access-group 2052
!
!
policy-map in3
 class in3_110
  police 131000 conform-action transmit exceed-action drop
 class in3_2011
  police 5120000 conform-action transmit exceed-action drop
 class in3_2012
  police 5120000 conform-action transmit exceed-action drop
 class in3_2013
  police 5120000 conform-action transmit exceed-action drop
 class in3_2014
  police 5120000 conform-action transmit exceed-action drop
 class in3_2015
  police 5120000 conform-action transmit exceed-action drop
 class in3_2016
  police 5120000 conform-action transmit exceed-action drop
 class in3_2017
  police 5120000 conform-action transmit exceed-action drop
 class in3_2018
  police 5120000 conform-action transmit exceed-action drop
 class in3_2019
  police 5120000 conform-action transmit exceed-action drop
 class in3_2020
  police 5120000 conform-action transmit exceed-action drop
 class in3_2021
  police 5120000 conform-action transmit exceed-action drop
 class in3_2022
  police 5120000 conform-action transmit exceed-action drop
 class in3_2023
  police 25600000 conform-action transmit exceed-action drop
 class in3_2024
  police 5120000 conform-action transmit exceed-action drop
 class in3_2025
  police 1048500 conform-action transmit exceed-action drop
 class in3_2026
  police 5120000 conform-action transmit exceed-action drop
 class in3_2027
  police 5120000 conform-action transmit exceed-action drop
 class in3_2029
  police 5120000 conform-action transmit exceed-action drop
 class in3_2030
  police 5120000 conform-action transmit exceed-action drop
 class in3_2032
  police 5120000 conform-action transmit exceed-action drop
 class in3_2033
  police 5120000 conform-action transmit exceed-action drop
 class in3_2034
  police 5120000 conform-action transmit exceed-action drop
 class in3_2035
  police 5120000 conform-action transmit exceed-action drop
 class in3_2036
  police 51200000 conform-action transmit exceed-action drop
 class in3_2037
  police 5120000 conform-action transmit exceed-action drop
 class in3_2038
  police 5120000 conform-action transmit exceed-action drop
 class in3_2039
  police 5120000 conform-action transmit exceed-action drop
 class in3_2040
  police 5120000 conform-action transmit exceed-action drop
policy-map in2
 class in2_109
  police 131000 conform-action transmit exceed-action drop
 class in2_2043
  police 262000 conform-action transmit exceed-action drop
 class in2_2044
  police 10240000 conform-action transmit exceed-action drop
 class in2_2045
  police 10240000 conform-action transmit exceed-action drop
 class in2_2046
  police 10240000 conform-action transmit exceed-action drop
 class in2_2047
  police 131000 conform-action transmit exceed-action drop
 class in2_2048
  police 10240000 conform-action transmit exceed-action drop
 class in2_2049
  police 262000 conform-action transmit exceed-action drop
 class in2_2050
  police 131000 conform-action transmit exceed-action drop
 class in2_2051
  police 131000 conform-action transmit exceed-action drop
 class in2_2052
  police 10240000 conform-action transmit exceed-action drop
policy-map in1
policy-map out2
 class out2_2009
  shape average 131072
 class out2_143
  shape average 1048576
 class out2_144
  shape average 10240000
 class out2_145
  shape average 10240000
 class out2_146
  shape average 10240000
 class out2_147
  shape average 131072
 class out2_148
  shape average 10240000
 class out2_149
  shape average 262144
 class out2_150
  shape average 131072
 class out2_151
  shape average 262144
 class out2_152
  shape average 10240000
policy-map out3
 class out3_2010
  shape average 131072
 class out3_111
  shape average 5120000
 class out3_112
  shape average 5120000
 class out3_113
  shape average 5120000
 class out3_114
  shape average 5120000
 class out3_115
  shape average 5120000
 class out3_116
  shape average 5120000
 class out3_117
  shape average 5120000
 class out3_118
  shape average 5120000
 class out3_119
  shape average 5120000
 class out3_120
  shape average 5120000
 class out3_121
  shape average 5120000
 class out3_122
  shape average 5120000
 class out3_123
  shape average 25600000
 class out3_124
  shape average 5120000
 class out3_125
  shape average 1048576
 class out3_126
  shape average 5120000
 class out3_127
  shape average 5120000
 class out3_129
  shape average 5120000
 class out3_130
  shape average 5120000
 class out3_132
  shape average 5120000
 class out3_133
  shape average 5120000
 class out3_134
  shape average 5120000
 class out3_135
  shape average 5120000
 class out3_136
  shape average 51200000
 class out3_137
  shape average 5120000
 class out3_138
  shape average 5120000
 class out3_139
  shape average 5120000
 class out3_140
  shape average 5120000
policy-map out1
!
!
!
interface FastEthernet0/0
 ip address 172.17.62.14 255.255.255.0 secondary
 ip address aaa.bbb.36.226 255.255.255.224
 ip access-group 103 in
 no ip unreachables
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 service-policy input in3
 service-policy output out3
!
interface FastEthernet1/0
 ip address aaa.bbb.40.19 255.255.255.192
 ip access-group 101 in
 ip access-group 104 out
 no ip unreachables
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 service-policy input in1
 service-policy output out1
!
interface FastEthernet1/1
 ip address 172.17.20.14 255.255.255.192
 ip access-group 102 in
 no ip unreachables
 ip flow egress
 ip nat inside
 no ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 service-policy input in2
 service-policy output out2
!
no ip http server
ip flow-export version 5
ip flow-export destination 172.17.20.8 9996
!
ip route 0.0.0.0 0.0.0.0 aaa.bbb.40.1 10
ip route 10.0.0.0 255.0.0.0 Null0 254
ip route 10.0.0.0 255.255.0.0 172.17.20.1 3
ip route 172.16.0.0 255.240.0.0 Null0 254
ip route 192.168.0.0 255.255.0.0 Null0 254
ip route 172.17.0.0 255.255.128.0 172.17.20.3 3
ip route 172.17.0.0 255.255.128.0 172.17.62.49 5
!
ip nat translation timeout 300
ip nat translation tcp-timeout 1200
ip nat translation udp-timeout 66
ip nat translation finrst-timeout 30
ip nat translation icmp-timeout 180
ip nat translation max-entries 10000
ip nat pool one aaa.bbb.40.19 aaa.bbb.40.19 netmask 255.255.255.192
ip nat inside source list 1 pool one overload
ip nat inside source static 10.0.224.1 aaa.bbb.36.242
ip nat inside source static 172.17.20.10 aaa.bbb.36.245
ip nat inside source static tcp 172.17.16.22 1494 aaa.bbb.40.19 1494 extendable
ip nat inside source static udp 172.17.16.22 1604 aaa.bbb.40.19 1604 extendable
ip nat inside source static tcp 10.0.1.149 33389 aaa.bbb.40.19 33389 extendable
ip nat inside source static tcp 172.17.20.11 54 aaa.bbb.40.40 53 extendable
ip nat inside source static udp 172.17.20.11 54 aaa.bbb.40.40 53 extendable
ip nat inside source static 172.17.20.11 aaa.bbb.40.40
!
access-list 1 permit 172.17.20.62
access-list 1 permit 172.17.21.48
access-list 1 permit 172.17.16.41
access-list 1 permit 172.17.7.25
access-list 1 permit 172.17.20.1
access-list 1 permit 172.17.16.138
access-list 101 permit ip any host aaa.bbb.40.19
access-list 101 permit ip any host aaa.bbb.40.40
access-list 101 permit ip any aaa.bbb.36.224 0.0.0.31
access-list 102 permit ip any host 172.17.20.14
access-list 102 permit ip host 172.17.20.10 host 195.161.113.237
access-list 102 permit ip host 172.17.20.11 any
access-list 102 permit ip host 172.17.7.25 host aaa.bbb.33.185
access-list 102 deny tcp any any eq smtp
access-list 102 permit ip host 172.17.20.10 any
access-list 102 permit ip host 172.17.20.1 any
access-list 102 permit ip host 172.17.20.62 any
access-list 102 permit ip host 172.17.7.25 any
access-list 102 permit ip host 172.17.16.41 any
access-list 102 permit ip host 172.17.16.138 any
access-list 102 permit ip host 172.17.16.22 any
access-list 102 permit ip host 172.17.21.48 any
access-list 102 permit ip host 10.0.224.1 any
access-list 103 permit ip any host 172.17.62.14
access-list 103 permit ip host aaa.bbb.36.230 host 195.14.50.16
access-list 103 deny tcp host aaa.bbb.36.230 any eq smtp
access-list 103 deny tcp host aaa.bbb.36.228 any eq smtp
access-list 103 permit ip any host aaa.bbb.36.226
access-list 103 permit ip aaa.bbb.36.224 0.0.0.31 any
access-list 104 permit ip host aaa.bbb.40.19 any
access-list 104 permit ip host aaa.bbb.40.40 any
access-list 104 permit ip aaa.bbb.36.224 0.0.0.31 any
access-list 109 permit ip any host 172.17.20.14
access-list 110 permit ip any host 172.17.62.14
access-list 110 permit ip any host aaa.bbb.36.226
access-list 111 permit ip any host aaa.bbb.36.225
access-list 112 permit ip any host aaa.bbb.36.226
access-list 113 permit ip any host aaa.bbb.36.227
access-list 114 permit ip any host aaa.bbb.36.228
access-list 115 permit ip any host aaa.bbb.36.229
access-list 116 permit ip any host aaa.bbb.36.230
access-list 117 permit ip any host aaa.bbb.36.231
access-list 118 permit ip any host aaa.bbb.36.232
access-list 119 permit ip any host aaa.bbb.36.233
access-list 120 permit ip any host aaa.bbb.36.234
access-list 121 permit ip any host aaa.bbb.36.235
access-list 122 permit ip any host aaa.bbb.36.236
access-list 123 permit ip any host aaa.bbb.36.237
access-list 124 permit ip any host aaa.bbb.36.238
access-list 125 permit ip any host aaa.bbb.36.239
access-list 125 permit ip any host aaa.bbb.36.240
access-list 126 permit ip any host aaa.bbb.36.240
access-list 127 permit ip any host aaa.bbb.36.241
access-list 129 permit ip any host aaa.bbb.36.243
access-list 130 permit ip any host aaa.bbb.36.244
access-list 132 permit ip any host aaa.bbb.36.246
access-list 133 permit ip any host aaa.bbb.36.247
access-list 134 permit ip any host aaa.bbb.36.248
access-list 135 permit ip any host aaa.bbb.36.249
access-list 136 permit ip any host aaa.bbb.36.250
access-list 137 permit ip any host aaa.bbb.36.251
access-list 138 permit ip any host aaa.bbb.36.252
access-list 139 permit ip any host aaa.bbb.36.253
access-list 140 permit ip any host aaa.bbb.36.254
access-list 143 permit ip any host 172.17.20.10
access-list 144 permit ip any host 172.17.20.11
access-list 145 permit ip any host 172.17.20.1
access-list 146 permit ip any host 172.17.20.62
access-list 147 permit ip any host 172.17.7.25
access-list 148 permit ip any host 172.17.16.41
access-list 149 permit ip any host 172.17.16.138
access-list 150 permit ip any host 172.17.16.22
access-list 151 permit ip any host 172.17.21.48
access-list 152 permit ip any host 10.0.224.1
access-list 2009 permit ip host 172.17.20.14 any
access-list 2010 permit ip host 172.17.62.14 any
access-list 2010 permit ip host aaa.bbb.36.226 any
access-list 2011 permit ip host aaa.bbb.36.225 any
access-list 2012 permit ip host aaa.bbb.36.226 any
access-list 2013 permit ip host aaa.bbb.36.227 any
access-list 2014 permit ip host aaa.bbb.36.228 any
access-list 2015 permit ip host aaa.bbb.36.229 any
access-list 2016 permit ip host aaa.bbb.36.230 any
access-list 2017 permit ip host aaa.bbb.36.231 any
access-list 2018 permit ip host aaa.bbb.36.232 any
access-list 2019 permit ip host aaa.bbb.36.233 any
access-list 2020 permit ip host aaa.bbb.36.234 any
access-list 2021 permit ip host aaa.bbb.36.235 any
access-list 2022 permit ip host aaa.bbb.36.236 any
access-list 2023 permit ip host aaa.bbb.36.237 any
access-list 2024 permit ip host aaa.bbb.36.238 any
access-list 2025 permit ip host aaa.bbb.36.239 any
access-list 2026 permit ip host aaa.bbb.36.240 any
access-list 2027 permit ip host aaa.bbb.36.241 any
access-list 2029 permit ip host aaa.bbb.36.243 any
access-list 2030 permit ip host aaa.bbb.36.244 any
access-list 2032 permit ip host aaa.bbb.36.246 any
access-list 2033 permit ip host aaa.bbb.36.247 any
access-list 2034 permit ip host aaa.bbb.36.248 any
access-list 2035 permit ip host aaa.bbb.36.249 any
access-list 2036 permit ip host aaa.bbb.36.250 any
access-list 2037 permit ip host aaa.bbb.36.251 any
access-list 2038 permit ip host aaa.bbb.36.252 any
access-list 2039 permit ip host aaa.bbb.36.253 any
access-list 2040 permit ip host aaa.bbb.36.254 any
access-list 2043 permit ip host 172.17.20.10 any
access-list 2044 permit ip host 172.17.20.11 any
access-list 2045 permit ip host 172.17.20.1 any
access-list 2046 permit ip host 172.17.20.62 any
access-list 2047 permit ip host 172.17.7.25 any
access-list 2048 permit ip host 172.17.16.41 any
access-list 2049 permit ip host 172.17.16.138 any
access-list 2050 permit ip host 172.17.16.22 any
access-list 2051 permit ip host 172.17.21.48 any
access-list 2052 permit ip host 10.0.224.1 any
snmp-server community 5555 RO
snmp-server community 6666 RW
no cdp run
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17180177
ntp server 195.2.64.5 version 2
ntp server 194.186.254.22 version 2
!
end

Edited June 9, 2007 by IvanI

Nailer Posted June 9, 2007

Your config itself is all correct, but the Cisco is getting swamped by having to run every packet through a pile of access lists. If possible, spread the clients across different VLANs and do the bandwidth limiting on subinterfaces. Then the packets will run through much shorter access lists than they do now. In principle, even splitting the clients into 3-4 groups should have some effect.

IvanI (Author) Posted June 9, 2007

As far as I understand, ACLs and shapers/rate limits on a Cisco are done in hardware. Previously it had 250 shapers + 250 rate limits + NAT at 10 Mbit of traffic, and the load was the same, but there was a reason for it: NAT.

Nailer Posted June 9, 2007

> As far as I understand, ACLs and shapers/rate limits on a Cisco are done in hardware. Previously it had 250 shapers + 250 rate limits + NAT at 10 Mbit of traffic, and the load was the same, but there was a reason for it: NAT.

The 3600 series has nothing in hardware. Hardware starts with the 7600.

IvanI (Author) Posted June 10, 2007

After removing the policies and entering the shapers/rate limits on the interfaces, in the same quantity:

46354544445435
09947758614011
100
90
80
70 *
60 * *
50 * ****** * *
40 ************ *
30 ####*####*****
20 ##############
10 ##############
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%

Taken at 0:20.

5 minute input rate 1878000 bits/sec, 995 packets/sec
5 minute output rate 7469000 bits/sec, 1155 packets/sec

222322222222212121211 22222222323332322232333223233332223
5655946702210909082744568759477095109499938404893614416974
100
90
80
70
60
50
40 * *
30 ***** ** ***** **#####*#####*#*####*####******
20 ###################* #####################################
10 ##################### *#####################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%

Nailer Posted June 10, 2007

> After removing the policies and entering the shapers/rate limits on the interfaces, in the same quantity:

Did it get better, then? :-) And what did you move where? The way I advised?

IvanI (Author) Posted June 11, 2007
No.
interface FastEthernet0/0
 ip address bbb secondary
 ip address ccc
 ip access-group 103 in
 no ip unreachables
 ip nat outside
 no ip virtual-reassembly
 rate-limit input access-group 2036 51200000 6400000 6400000 conform-action transmit exceed-action drop
 rate-limit input access-group 2011 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2023 25600000 3200000 3200000 conform-action transmit exceed-action drop
 rate-limit input access-group 110 128000 16384 16384 conform-action transmit exceed-action drop
 rate-limit input access-group 2012 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2013 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2014 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2015 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2016 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2017 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2018 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2019 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2020 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2021 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2022 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2024 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2025 1048000 131072 131072 conform-action transmit exceed-action drop
 rate-limit input access-group 2027 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2029 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2030 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2032 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2033 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2034 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2035 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2037 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2038 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2039 5120000 640000 640000 conform-action transmit exceed-action drop
 rate-limit input access-group 2040 5120000 640000 640000 conform-action transmit exceed-action drop
 ip route-cache flow
 speed 100
 full-duplex
 traffic-shape group 136 51200000 1280000 1280000 1000
 traffic-shape group 111 5120000 128000 128000 1000
 traffic-shape group 123 25600000 640000 640000 1000
 traffic-shape group 2010 131072 16384 16384 1000
 traffic-shape group 112 5120000 128000 128000 1000
 traffic-shape group 113 5120000 128000 128000 1000
 traffic-shape group 114 5120000 128000 128000 1000
 traffic-shape group 115 5120000 128000 128000 1000
 traffic-shape group 116 5120000 128000 128000 1000
 traffic-shape group 117 5120000 128000 128000 1000
 traffic-shape group 118 5120000 128000 128000 1000
 traffic-shape group 119 5120000 128000 128000 1000
 traffic-shape group 120 5120000 128000 128000 1000
 traffic-shape group 121 5120000 128000 128000 1000
 traffic-shape group 122 5120000 128000 128000 1000
 traffic-shape group 124 5120000 128000 128000 1000
 traffic-shape group 125 1048576 131072 131072 1000
 traffic-shape group 127 5120000 128000 128000 1000
 traffic-shape group 129 5120000 128000 128000 1000
 traffic-shape group 130 5120000 128000 128000 1000
 traffic-shape group 132 5120000 128000 128000 1000
 traffic-shape group 133 5120000 128000 128000 1000
 traffic-shape group 134 5120000 128000 128000 1000
 traffic-shape group 135 5120000 128000 128000 1000
 traffic-shape group 137 5120000 128000 128000 1000
 traffic-shape group 138 5120000 128000 128000 1000
 traffic-shape group 139 5120000 128000 128000 1000
 traffic-shape group 140 5120000 128000 128000 1000
 no cdp enable
!
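An added example, not part of the original post: a short Python audit of the two statement types in the interface config above, which converts each burst value into the time window it represents and compares the policed and shaped rates per customer. It assumes CAR (`rate-limit`) bursts are given in bytes and GTS (`traffic-shape group`) bursts in bits, and that the policer and shaper ACLs for one customer share their last two digits, as ACLs 135 and 2035 do in the first post; the function names are hypothetical.

```python
import re

# Constructed sample: six statements copied from the interface config in the post above.
SAMPLE = """\
interface FastEthernet0/0
 rate-limit input access-group 2036 51200000 6400000 6400000 conform-action transmit exceed-action drop
 rate-limit input access-group 110 128000 16384 16384 conform-action transmit exceed-action drop
 rate-limit input access-group 2025 1048000 131072 131072 conform-action transmit exceed-action drop
 traffic-shape group 136 51200000 1280000 1280000 1000
 traffic-shape group 2010 131072 16384 16384 1000
 traffic-shape group 125 1048576 131072 131072 1000
"""

CAR = re.compile(r"^\s*rate-limit (?:input|output) access-group (\d+) (\d+) (\d+) \d+")
GTS = re.compile(r"^\s*traffic-shape group (\d+) (\d+) (\d+)")


def parse(config):
    """Return (kind, acl, rate_bps, burst_window_ms) tuples in config order."""
    entries = []
    for line in config.splitlines():
        if m := CAR.match(line):
            acl, rate, burst_bytes = map(int, m.groups())
            # Assumption: CAR normal burst is in bytes, so convert to bits first.
            entries.append(("car", acl, rate, burst_bytes * 8 * 1000 / rate))
        elif m := GTS.match(line):
            acl, rate, burst_bits = map(int, m.groups())
            # Assumption: GTS burst size is in bits; the result is the interval Tc.
            entries.append(("gts", acl, rate, burst_bits * 1000 / rate))
    return entries


def rate_mismatches(entries):
    """Pair policer and shaper by acl % 100 (assumed convention); list unequal rates."""
    car = {acl % 100: rate for kind, acl, rate, _ in entries if kind == "car"}
    gts = {acl % 100: rate for kind, acl, rate, _ in entries if kind == "gts"}
    return sorted((k, car[k], gts[k]) for k in car.keys() & gts.keys() if car[k] != gts[k])


if __name__ == "__main__":
    for kind, acl, rate, window in parse(SAMPLE):
        print(f"{kind} acl {acl:<5} {rate:>9} bit/s  burst window {window:7.1f} ms")
    print("rate mismatches (pair, policed, shaped):", rate_mismatches(parse(SAMPLE)))
```

On these six statements the policed and shaped rates disagree for pairs 10 and 25 (128000 against 131072 and 1048000 against 1048576 bit/s), and the shaping interval for those two is 125 ms against 25 ms for ACL 136.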
IvanI (Author) Posted June 11, 2007
I also suspect the IOS image is buggy, but I don't have a 16 MB flash card to add inside. When I tried c3660-ik9o3s-mz.124-6.T.bin, I think it worked better.
Kaban Posted June 11, 2007
Show us sh ip nat statistic. It looks like NAT is killing your Cisco (practice has shown that NAT kills every Cisco up to the 7200).
> As far as I understand, ACLs and shapers/rate-limits on the Cisco are done in hardware. It used to have 250 shapers + 250 rate-limits + NAT at 10 Mbit of traffic; the load was the same, but there was a reason: NAT.
Nothing in the 3600 series is done in hardware. Hardware starts with the 7600. The 7200 NPE-G1 and NPE-G2 have hardware CEF acceleration.
IvanI (Author) Posted June 11, 2007
I have removed almost all NAT from it.
FastEthernet1/1 is up, line protocol is up
  Hardware is AmdFE, address is 0004.2750.e6e2 (bia 0004.2750.e6e2)
  Internet address is 192.168.20.14/26
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 24000 bits/sec, 22 packets/sec
  5 minute output rate 78000 bits/sec, 22 packets/sec
     29142 packets input, 3780827 bytes
     Received 1079 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     35125 packets output, 17966677 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
GW#sho ip nat t
Pro Inside global Inside local Outside local Outside global
tcp aaa.aaa.40.19:33389 10.0.1.149:33389 --- ---
udp aaa.aaa.36.242:1026 10.0.224.1:1026 113.183.118.193:30577 113.183.118.193:30577
udp aaa.aaa.36.242:1026 10.0.224.1:1026 196.59.191.228:30577 196.59.191.228:30577
tcp aaa.aaa.36.242:1108 10.0.224.1:1108 205.188.8.213:5190 205.188.8.213:5190
tcp aaa.aaa.36.242:1113 10.0.224.1:1113 80.237.216.232:1433 80.237.216.232:1433
tcp aaa.aaa.36.242:1118 10.0.224.1:1118 207.46.166.103:28805 207.46.166.103:28805
--- aaa.aaa.36.242 10.0.224.1 --- ---
tcp aaa.aaa.40.19:1494 bbb.bbb.16.22:1494 --- ---
udp aaa.aaa.40.19:1604 bbb.bbb.16.22:1604 --- ---
tcp aaa.aaa.40.19:63121 bbb.bbb.16.41:63121 205.188.7.212:443 205.188.7.212:443
udp aaa.aaa.36.245:1026 bbb.bbb.20.10:1026 113.183.118.193:30580 113.183.118.193:30580
udp aaa.aaa.36.245:1026 bbb.bbb.20.10:1026 196.59.191.228:30580 196.59.191.228:30580
--- aaa.aaa.36.245 bbb.bbb.20.10 --- ---
tcp aaa.aaa.40.40:25 bbb.bbb.20.11:25 125.26.55.63:50420 125.26.55.63:50420
tcp aaa.aaa.40.40:25 bbb.bbb.20.11:25 222.216.109.52:2417 222.216.109.52:2417
Pro Inside global Inside local Outside local Outside global
tcp aaa.aaa.40.40:53 bbb.bbb.20.11:54 --- ---
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 61.140.11.214:32971 61.140.11.214:32971
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 80.82.32.11:53 80.82.32.11:53
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 83.18.127.114:32770 83.18.127.114:32770
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 194.204.159.14:32768 194.204.159.14:32768
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 206.13.28.57:16983 206.13.28.57:16983
udp aaa.aaa.40.40:53 bbb.bbb.20.11:54 --- ---
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1072 aaa.aaa.49.55:1072
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1073 aaa.aaa.49.55:1073
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1074 aaa.aaa.49.55:1074
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1075 aaa.aaa.49.55:1075
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1076 aaa.aaa.49.55:1076
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1077 aaa.aaa.49.55:1077
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1078 aaa.aaa.49.55:1078
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1088 aaa.aaa.49.55:1088
tcp aaa.aaa.40.40:80 bbb.bbb.20.11:80 aaa.aaa.49.55:1089 aaa.aaa.49.55:1089
udp aaa.aaa.40.40:1026 bbb.bbb.20.11:1026 61.39.115.72:30370 61.39.115.72:30370
udp aaa.aaa.40.40:1026 bbb.bbb.20.11:1026 194.50.240.63:30370 194.50.240.63:30370
Pro Inside global Inside local Outside local Outside global
udp aaa.aaa.40.40:1026 bbb.bbb.20.11:1026 221.208.208.92:43008 221.208.208.92:43008
udp aaa.aaa.40.40:1026 bbb.bbb.20.11:1026 221.208.208.104:44723 221.208.208.104:44723
udp aaa.aaa.40.40:1027 bbb.bbb.20.11:1027 221.208.208.104:44723 221.208.208.104:44723
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 62.205.178.132:1054 62.205.178.132:1054
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 62.205.178.132:3321 62.205.178.132:3321
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 80.71.250.42:4777 80.71.250.42:4777
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 83.149.9.44:9917 83.149.9.44:9917
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 83.149.9.247:26042 83.149.9.247:26042
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 89.178.238.16:2800 89.178.238.16:2800
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 aaa.aaa.49.55:1040 aaa.aaa.49.55:1040
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 213.87.86.117:48602 213.87.86.117:48602
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 213.87.86.117:49149 213.87.86.117:49149
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 217.118.66.4:34987 217.118.66.4:34987
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 217.118.66.24:22270 217.118.66.24:22270
Pro Inside global Inside local Outside local Outside global
tcp aaa.aaa.40.40:6667 bbb.bbb.20.11:6667 217.118.66.46:24395 217.118.66.46:24395
tcp aaa.aaa.40.40:55721 bbb.bbb.20.11:55721 aaa.aaa.32.71:6667 aaa.aaa.32.71:6667
tcp aaa.aaa.40.40:55898 bbb.bbb.20.11:55898 62.204.69.3:25 62.204.69.3:25
tcp aaa.aaa.40.40:55900 bbb.bbb.20.11:55900 62.204.69.3:25 62.204.69.3:25
udp aaa.aaa.40.40:59104 bbb.bbb.20.11:59104 aaa.aaa.40.40:53 aaa.aaa.40.40:53
udp aaa.aaa.40.40:61586 bbb.bbb.20.11:61586 87.118.112.140:53 87.118.112.140:53
udp aaa.aaa.40.40:61586 bbb.bbb.20.11:61586 aaa.aaa.32.66:53 aaa.aaa.32.66:53
udp aaa.aaa.40.40:61586 bbb.bbb.20.11:61586 aaa.aaa.40.40:53 aaa.aaa.40.40:53
--- aaa.aaa.40.40 bbb.bbb.20.11 --- ---
GW#
Nailer Posted June 11, 2007 (edited)
> The 7200 NPE-G1 and NPE-G2 have hardware CEF acceleration.
Where did you get that from? P.S. You haven't confused the NPE with the dead NSE, by any chance?
Edited June 11, 2007 by Nailer
IvanI (Author) Posted June 11, 2007
GW#sho ip nat s
Total active translations: 73 (8 static, 65 dynamic; 70 extended)
Outside interfaces:
  FastEthernet0/0, FastEthernet1/0
Inside interfaces:
  FastEthernet1/1
Hits: 4126062  Misses: 24566
CEF Translated packets: 2688029, CEF Punted packets: 2773827
Expired translations: 45801
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool one refcount 9
 pool one: netmask 255.255.255.192
        start aaa.aaa.40.19 end aaa.aaa.40.19
        type generic, total addresses 1, allocated 1 (100%), misses 0
Queued Packets: 0
GW#
Kaban Posted June 11, 2007 (edited)
If this was taken while the CPU was overloaded, then NAT is not the problem (a mere 70 translations won't load it).
Edited June 11, 2007 by Kaban
Kaban Posted June 11, 2007
>> The 7200 NPE-G1 and NPE-G2 have hardware CEF acceleration.
> Where did you get that from? P.S. You haven't confused the NPE with the dead NSE, by any chance?
My apologies, I talked a bit of nonsense. The NPE-G1/2 are software-based (though how they then managed to reach 1 and 2 million packets respectively, I can't figure out).
UglyAdmin Posted June 11, 2007
> My apologies, I talked a bit of nonsense. The NPE-G1/2 are software-based (though how they then managed to reach 1 and 2 million packets respectively, I can't figure out).
With the CPU; PCs can do that too. Besides, those are spherical packets in a vacuum. :)