From: Lupi, Guy (Guy.Lupi@xxxxxxxxxxxxx)
Date: Thu Apr 25 2002 - 15:39:50 GMT-3
Here is an example of what I am talking about. Traffic generated by the
local router gets prioritized no problem, that is the icmp in the access
list 102. Now, I set up Voip from a router behind router 2 to a router
somewhere else in the network. I should see the access list taking hits for
the udp traffic with ip route cache turned on, but I don't. I then turn ip
route cache off and there it is, the access list starts taking hundreds of
hits. This is what I am concerned about. Does this indicate that route
cache has to be turned off if the traffic is not generated by the local
router? Configs below:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
priority-group 1
!
interface Serial0.1 point-to-point
ip address 172.16.72.2 255.255.255.0
ip access-group 101 in
ipx network 25
frame-relay interface-dlci 225
!
access-list 102 permit icmp host 2.2.2.2 host 172.16.72.5
access-list 102 permit udp any any range 16384 32767
access-list 102 permit udp any range 16384 32767 any
priority-list 1 protocol ip high list 102
priority-list 1 default low
Here, I do 1000 pings to r2 with route cache turned on, as you can see the
traffic is showing up as a match in the access list specified in the
priority list, and if I do a debug priority I see it go into the high queue.
Notice the second line. I have VOIP running accross this router, that
traffic is not locally generated, that number should be up in the thousands.
r2#sh access-l 102
Extended IP access list 102
permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
permit udp any any range 16384 32767 (35 matches)
permit udp any range 16384 32767 any
r2#
The following show is about 5 minutes later, notice on the second line, it
has increased by only 10 packets.
r2#sh access-l 102
Extended IP access list 102
permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
permit udp any any range 16384 32767 (45 matches)
permit udp any range 16384 32767 any
r2#
Now, I turn off ip route cache on serial 0, and do 3 shows one right after
the other, notice the drastic change in the hits on line 2. This is why I
am concerned, do I have to have route cache turned off if the traffic is not
locally generated? It appears so.
r2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r2(config)#int s0
r2(config-if)#no ip route-cache
r2(config-if)#end
r2#sh access-l 102
Extended IP access list 102
permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
permit udp any any range 16384 32767 (179 matches)
permit udp any range 16384 32767 any
r2#sh access-l 102
Extended IP access list 102
permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
permit udp any any range 16384 32767 (268 matches)
permit udp any range 16384 32767 any
r2#sh access-l 102
Extended IP access list 102
permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
permit udp any any range 16384 32767 (320 matches)
permit udp any range 16384 32767 any
r2#
~-----Original Message-----
~From: Landon Fitts [mailto:l.fitts@mindspring.com]
~Sent: Thursday, April 25, 2002 2:13 PM
~To: Lupi, Guy
~Cc: ccielab@groupstudy.com
~Subject: Re: ip route-cache
~
~
~Guy,
~
~In the way that I understand the router to "process" an
~incoming packet,
~is that if congestion occurs at the outgoing interface, the queuing
~technique in place will occur irregardless of whether you are doing
~process-switching or fast-switching (I know I will be corrected if my
~understanding is wrong).
~
~When a packet enters the router interface, the router says do
~I "process"
~switch this packet or "fast-switch" it. If it is process switched the
~packet will go through the normal route process. If fast-switched the
~packet will be "switched" to the outgoing interface based on
~the information
~in the "route-cache". The one thing that I am curious about is that I
~thought if you apply an access-list to an interface, that
~forces the router
~to process-switch
~on that interface by default. So, when you didn't get any
~debug messages or
~hits for your ACL that confused me a little. Was your ACL
~applied to an
~interface or did you just set up an ACL globally so you could see hits?
~
~One last thing is that even if you have fast-switching enabled on an
~interface the first packet to a particular destination will be
~process-switched to build the cache, and then subsequent
~packets will be
~fast-switched.
~
~HTH
~
~Regards,
~
~Landon Fitts
~CCNP, CCDP, NNCSE, NNCDE
~l.fitts@mindspring.com
~
~
~----- Original Message -----
~From: "Lupi, Guy" <Guy.Lupi@eurekaggn.com>
~To: "'Landon Fitts'" <l.fitts@mindspring.com>; <ccielab@groupstudy.com>
~Sent: Thursday, April 25, 2002 1:39 PM
~Subject: RE: ip route-cache
~
~
~> Thanks for that link. Now my question is, since I had to turn off ip
~route
~> cache to see the debugging output and the hits on the ACL, was the
~priority
~> queueing working with ip route cache turned on? I imagine
~that it was,
~> since I have never seen a reference that states you have to
~turn route
~> caching off when using it.
~>
~> ~-----Original Message-----
~> ~From: Landon Fitts [mailto:l.fitts@mindspring.com]
~> ~Sent: Wednesday, April 24, 2002 11:07 PM
~> ~To: Lupi, Guy; ccielab@groupstudy.com
~> ~Subject: Re: ip route-cache
~> ~
~> ~
~> ~Guys,
~> ~
~> ~Here is an excerpt from cco -
~> ~http://www.cisco.com/univercd/cc/td/doc/product/software/ios122
~> ~/122cgcr/fswt
~> ~ch_c/swprt1/xcfipsp.htm#xtocid7
~> ~(watch the word wrap)
~> ~
~> ~For some diagnostics, such as debugging and packet-level
~> ~tracing, you will
~> ~need to disable fast switching. If fast switching is running,
~> ~you will not
~> ~see packets unless they pass through the Route Processor (RP).
~> ~Packets would
~> ~otherwise be switched on the interface. You might want to
~turn off fast
~> ~switching temporarily and bypass the RP while you are
~trying to capture
~> ~information.
~> ~
~> ~Regards,
~> ~
~> ~Landon Fitts
~> ~CCNP, CCDP, NNCSE, NNCDE
~> ~l.fitts@mindspring.com
~> ~
~> ~----- Original Message -----
~> ~From: "Lupi, Guy" <Guy.Lupi@eurekaggn.com>
~> ~To: <ccielab@groupstudy.com>
~> ~Sent: Wednesday, April 24, 2002 9:24 PM
~> ~Subject: ip route-cache
~> ~
~> ~
~> ~> I have noticed on several occasions that on my 2500 series
~> ~routers, I will
~> ~> try to set up priority or custom queueing and turn on
~> ~debugging and find
~> ~> that it is not working. Then I go to the interface and use
~> ~the "no ip
~> ~> route-cache" command, and all of the sudden I see the debug
~> ~outputs and
~> ~the
~> ~> access list for the queueing taking hits. I have found that
~> ~I only need
~> ~to
~> ~> do this on the 2500's, and not on the 2600's. Does anyone
~> ~know of a link
~> ~> that explains when and why one should turn off ip route-cache? I
~> ~understand
~> ~> that it disables fast switching and enables process
~switching, I just
~> ~don't
~> ~> know exactly when to use it. Thanks.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:19 GMT-3