From: Landon Fitts (l.fitts@xxxxxxxxxxxxxx)
Date: Thu Apr 25 2002 - 16:08:26 GMT-3
Guys,
This should be the normal behavior based on my previous email. Here is why.
The ping traffic generated by your local router to R2 is process-switched
(all-packets), because it is being generated by the router (not passing
through). The voice traffic that is passing through you router is only
process-switch initially (the reason for the initial number of hits to the
ACL),
and then subsequent packets are fast-switch (why there is not more hits or
increase to the ACL). Now, when you configure "no ip route-cache" ALL
packet passing through the router are process-switch. Hence the continued
increase in hits to your ACL.
Now, this is my understanding and logic. As I said someone can correct me
if I am wrong.
Regards,
Landon Fitts
CCNP, CCDP, NNCSE, NNCDE
l.fitts@mindspring.com
----- Original Message -----
From: "Lupi, Guy" <Guy.Lupi@eurekaggn.com>
To: "'Landon Fitts'" <l.fitts@mindspring.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, April 25, 2002 2:39 PM
Subject: RE: ip route-cache (long)
> Here is an example of what I am talking about. Traffic generated by the
> local router gets prioritized no problem, that is the icmp in the access
> list 102. Now, I set up Voip from a router behind router 2 to a router
> somewhere else in the network. I should see the access list taking hits
for
> the udp traffic with ip route cache turned on, but I don't. I then turn
ip
> route cache off and there it is, the access list starts taking hundreds of
> hits. This is what I am concerned about. Does this indicate that route
> cache has to be turned off if the traffic is not generated by the local
> router? Configs below:
>
> interface Loopback0
> ip address 2.2.2.2 255.255.255.0
> !
> interface Serial0
> no ip address
> encapsulation frame-relay
> priority-group 1
> !
> interface Serial0.1 point-to-point
> ip address 172.16.72.2 255.255.255.0
> ip access-group 101 in
> ipx network 25
> frame-relay interface-dlci 225
> !
> access-list 102 permit icmp host 2.2.2.2 host 172.16.72.5
> access-list 102 permit udp any any range 16384 32767
> access-list 102 permit udp any range 16384 32767 any
> priority-list 1 protocol ip high list 102
> priority-list 1 default low
>
> Here, I do 1000 pings to r2 with route cache turned on, as you can see the
> traffic is showing up as a match in the access list specified in the
> priority list, and if I do a debug priority I see it go into the high
queue.
> Notice the second line. I have VOIP running accross this router, that
> traffic is not locally generated, that number should be up in the
thousands.
>
> r2#sh access-l 102
> Extended IP access list 102
> permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
> permit udp any any range 16384 32767 (35 matches)
> permit udp any range 16384 32767 any
> r2#
>
> The following show is about 5 minutes later, notice on the second line, it
> has increased by only 10 packets.
>
> r2#sh access-l 102
> Extended IP access list 102
> permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
> permit udp any any range 16384 32767 (45 matches)
> permit udp any range 16384 32767 any
> r2#
>
> Now, I turn off ip route cache on serial 0, and do 3 shows one right after
> the other, notice the drastic change in the hits on line 2. This is why I
> am concerned, do I have to have route cache turned off if the traffic is
not
> locally generated? It appears so.
>
> r2#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> r2(config)#int s0
> r2(config-if)#no ip route-cache
> r2(config-if)#end
> r2#sh access-l 102
> Extended IP access list 102
> permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
> permit udp any any range 16384 32767 (179 matches)
> permit udp any range 16384 32767 any
> r2#sh access-l 102
> Extended IP access list 102
> permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
> permit udp any any range 16384 32767 (268 matches)
> permit udp any range 16384 32767 any
> r2#sh access-l 102
> Extended IP access list 102
> permit icmp host 2.2.2.2 host 172.16.72.5 (1005 matches)
> permit udp any any range 16384 32767 (320 matches)
> permit udp any range 16384 32767 any
> r2#
>
> ~-----Original Message-----
> ~From: Landon Fitts [mailto:l.fitts@mindspring.com]
> ~Sent: Thursday, April 25, 2002 2:13 PM
> ~To: Lupi, Guy
> ~Cc: ccielab@groupstudy.com
> ~Subject: Re: ip route-cache
> ~
> ~
> ~Guy,
> ~
> ~In the way that I understand the router to "process" an
> ~incoming packet,
> ~is that if congestion occurs at the outgoing interface, the queuing
> ~technique in place will occur irregardless of whether you are doing
> ~process-switching or fast-switching (I know I will be corrected if my
> ~understanding is wrong).
> ~
> ~When a packet enters the router interface, the router says do
> ~I "process"
> ~switch this packet or "fast-switch" it. If it is process switched the
> ~packet will go through the normal route process. If fast-switched the
> ~packet will be "switched" to the outgoing interface based on
> ~the information
> ~in the "route-cache". The one thing that I am curious about is that I
> ~thought if you apply an access-list to an interface, that
> ~forces the router
> ~to process-switch
> ~on that interface by default. So, when you didn't get any
> ~debug messages or
> ~hits for your ACL that confused me a little. Was your ACL
> ~applied to an
> ~interface or did you just set up an ACL globally so you could see hits?
> ~
> ~One last thing is that even if you have fast-switching enabled on an
> ~interface the first packet to a particular destination will be
> ~process-switched to build the cache, and then subsequent
> ~packets will be
> ~fast-switched.
> ~
> ~HTH
> ~
> ~Regards,
> ~
> ~Landon Fitts
> ~CCNP, CCDP, NNCSE, NNCDE
> ~l.fitts@mindspring.com
> ~
> ~
> ~----- Original Message -----
> ~From: "Lupi, Guy" <Guy.Lupi@eurekaggn.com>
> ~To: "'Landon Fitts'" <l.fitts@mindspring.com>; <ccielab@groupstudy.com>
> ~Sent: Thursday, April 25, 2002 1:39 PM
> ~Subject: RE: ip route-cache
> ~
> ~
> ~> Thanks for that link. Now my question is, since I had to turn off ip
> ~route
> ~> cache to see the debugging output and the hits on the ACL, was the
> ~priority
> ~> queueing working with ip route cache turned on? I imagine
> ~that it was,
> ~> since I have never seen a reference that states you have to
> ~turn route
> ~> caching off when using it.
> ~>
> ~> ~-----Original Message-----
> ~> ~From: Landon Fitts [mailto:l.fitts@mindspring.com]
> ~> ~Sent: Wednesday, April 24, 2002 11:07 PM
> ~> ~To: Lupi, Guy; ccielab@groupstudy.com
> ~> ~Subject: Re: ip route-cache
> ~> ~
> ~> ~
> ~> ~Guys,
> ~> ~
> ~> ~Here is an excerpt from cco -
> ~> ~http://www.cisco.com/univercd/cc/td/doc/product/software/ios122
> ~> ~/122cgcr/fswt
> ~> ~ch_c/swprt1/xcfipsp.htm#xtocid7
> ~> ~(watch the word wrap)
> ~> ~
> ~> ~For some diagnostics, such as debugging and packet-level
> ~> ~tracing, you will
> ~> ~need to disable fast switching. If fast switching is running,
> ~> ~you will not
> ~> ~see packets unless they pass through the Route Processor (RP).
> ~> ~Packets would
> ~> ~otherwise be switched on the interface. You might want to
> ~turn off fast
> ~> ~switching temporarily and bypass the RP while you are
> ~trying to capture
> ~> ~information.
> ~> ~
> ~> ~Regards,
> ~> ~
> ~> ~Landon Fitts
> ~> ~CCNP, CCDP, NNCSE, NNCDE
> ~> ~l.fitts@mindspring.com
> ~> ~
> ~> ~----- Original Message -----
> ~> ~From: "Lupi, Guy" <Guy.Lupi@eurekaggn.com>
> ~> ~To: <ccielab@groupstudy.com>
> ~> ~Sent: Wednesday, April 24, 2002 9:24 PM
> ~> ~Subject: ip route-cache
> ~> ~
> ~> ~
> ~> ~> I have noticed on several occasions that on my 2500 series
> ~> ~routers, I will
> ~> ~> try to set up priority or custom queueing and turn on
> ~> ~debugging and find
> ~> ~> that it is not working. Then I go to the interface and use
> ~> ~the "no ip
> ~> ~> route-cache" command, and all of the sudden I see the debug
> ~> ~outputs and
> ~> ~the
> ~> ~> access list for the queueing taking hits. I have found that
> ~> ~I only need
> ~> ~to
> ~> ~> do this on the 2500's, and not on the 2600's. Does anyone
> ~> ~know of a link
> ~> ~> that explains when and why one should turn off ip route-cache? I
> ~> ~understand
> ~> ~> that it disables fast switching and enables process
> ~switching, I just
> ~> ~don't
> ~> ~> know exactly when to use it. Thanks.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:19 GMT-3