From: James (james@towardex.com)
Date: Mon Sep 27 2004 - 15:55:52 GMT-3
On Mon, Sep 27, 2004 at 11:24:45AM -0700, P729 wrote:
> Richard,
>
> Someone could be bombing your site with traceroutes or packets with TTL set
> to 1.
If that is the case, that someone would be on _your_ network or on your peer 1-2
hops away. You should be able to find out whether it's coming if you have more logs
available to you, and if the issue lasts longer per run to be visible by monitoring
tools.
> The router may have to process switch these packets. The flushes
> indicate SPD is kicking in, which leads me to believe that the router is
> spending a lot of time process switching on that interface for some reason.
I'm not sure how Cisco IOS implements this one, but it would be quite wrong to
switch context each time it has to generate icmp error msg, specifically when CEF
switching is enabled. But this is totally different architecture..
Regardless, if 'traceroute' bombing is causing an issue, it is almost likely due
to ICMP message generation when packetting last hop.
As far as mitigating that, I'll leave
that up to the rest of you to guess, since this could show up in lab exam under IOS
Services Section :P
>
> Are you doing any ingress filtering? You may want to limit incoming ICMP to
> what you really need (e.g., echo, echo reply, packet-too-big, unreachable)
> and disable emitting IP unreachables on that interface if you can. Does
> 'show ip interface' indicate that CEF is indeed enabled on that interface?
If the packets are being destined to the router, this can be one of the tries he
could do to find out.
But first of all, I'd like to ask the original poster: what kind of interfaces
do you got there? Usually drops on the interface show sign of problems occurring
from layer1 to layer2, before router's forwarding engine is the issue.
-J
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
>
> >-----Original Message-----
> >From: Peasah, Richard Kwame [mailto:rpeasah@ku.edu]
> >Sent: Monday, September 27, 2004 5:55 AM
> >To: ccielab@groupstudy.com
> >Subject: Help:Input Queue Congestion Problem
> >
> >Folks,
> >
> >Can I borrow your brains for a few minutes? My internet router, a Cisco
> >7304, is dropping packets from the input queue and I'm having a tough
> >time figuring out the cause. Over the past 2 weeks there've been
> >instances where all of a sudden it will drop all packets for minutes and
> >then resume forwarding. It's been hard nailing down the exact time this
> >behavior occurs. By the time I'm alerted by the help desk, the incident
> >is over and the router is back forwarding packets. However, I'm seeing
> >lots of flushing going on with respect to the input queue for the
> >interface connecting to our ISP. See three instances of "show int"
> >output below:
> >
> >Last clearing of "show interface" counters 03:01:42
> >Input queue: 0/75/216/4427 (size/max/drops/flushes); Total output drops:
> >2901
> >
> >Last clearing of "show interface" counters 03:51:56
> >Input queue: 1/75/238/6161 (size/max/drops/flushes); Total output drops:
> >3280
> >
> >Last clearing of "show interface" counters 05:05:08
> >Input queue: 1/75/269/8047 (size/max/drops/flushes); Total output drops:
> >4443
> >
> >Since I don't have a baseline to compare with I really can't tell
> >whether this is normal (the flushes and the drops) but it sure doesn't
> >look normal to me. Anyone with experience with this stuff please shed
> >some light on this, please. I've both cef and fast switching configured
> >and I'm not seeing any cache misses so far. At this point, one thing
> >jumping at me is the "bad hop count" in the "sh ip traffic" output. This
> >counter keeps incrementing as can be seen below:
> >
> >08:00 7242548
> >
> >10:00 7267491
> >
> >12:00 7314403
> >
> >15:00 7387856
> >
> >16:00 7402531
> >
> >17:00 7419743
> >
> >I've been scouring CCO for some pointers without success. Some technotes
> >suggest I turn on "debug ip error" but I'm really reluctant (actually
> >scared) to do that for fear of taking the whole damn thing down. This is
> >our only internet node so until I get a nod for them "Big Kahunas" I
> >ain't doing no debugging. Any ideas? And oh, I've been checking my
> >buffers and so far no misses there.
> >
> >Richard Peasah, Ph.D., CCIE 13662
> >Networking & Telecommunications Services
> >University of Kansas
> >rpeasah@ku.edu
> >(785) 864-9354
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
--
James Jun
TowardEX Technologies, Inc.
Technical Lead
Network Design, Consulting, IT Outsourcing
james@towardex.com
Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867
web: http://www.towardex.com , noc: www.twdx.net
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:50 GMT-3
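An added example, not part of the thread: the counter readings quoted by the original poster, turned into per-second rates so the drops, flushes and "bad hop count" increments can be compared between intervals and used as a baseline. The function names are this example's own, and the wrapped "Total output drops" lines are joined onto one line for parsing.

```python
import re

# Counter snapshots copied from the "show int" excerpts quoted in the thread
# (the wrapped "Total output drops" value is joined back onto its line).
SHOW_INT = '''
Last clearing of "show interface" counters 03:01:42
Input queue: 0/75/216/4427 (size/max/drops/flushes); Total output drops: 2901
Last clearing of "show interface" counters 03:51:56
Input queue: 1/75/238/6161 (size/max/drops/flushes); Total output drops: 3280
Last clearing of "show interface" counters 05:05:08
Input queue: 1/75/269/8047 (size/max/drops/flushes); Total output drops: 4443
'''

# "bad hop count" readings from "sh ip traffic", as (hour of day, counter).
BAD_HOP = [(8, 7242548), (10, 7267491), (12, 7314403),
           (15, 7387856), (16, 7402531), (17, 7419743)]

CLEAR_RE = re.compile(r'counters (\d+):(\d+):(\d+)')
QUEUE_RE = re.compile(r'Input queue: (\d+)/(\d+)/(\d+)/(\d+) .*output drops:\s*(\d+)')

def parse_snapshots(text):
    """Return [(seconds_since_clear, drops, flushes, output_drops), ...]."""
    snaps, elapsed = [], None
    for line in text.splitlines():
        m = CLEAR_RE.search(line)
        if m:
            h, mi, s = map(int, m.groups())
            elapsed = h * 3600 + mi * 60 + s
            continue
        m = QUEUE_RE.search(line)
        if m and elapsed is not None:
            _, _, drops, flushes, out = map(int, m.groups())
            snaps.append((elapsed, drops, flushes, out))
            elapsed = None
    return snaps

def rates(samples):
    """Per-second rate of each counter between consecutive (time, c1, ...) samples."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur[0] - prev[0]
        if dt <= 0 or any(c < p for p, c in zip(prev[1:], cur[1:])):
            continue  # counters were cleared or wrapped; interval not comparable
        out.append((dt, tuple((c - p) / dt for p, c in zip(prev[1:], cur[1:]))))
    return out

if __name__ == "__main__":
    for dt, (d, f, o) in rates(parse_snapshots(SHOW_INT)):
        print(f"{dt:5d}s  drops/s={d:.4f}  flushes/s={f:.3f}  out_drops/s={o:.3f}")
    for dt, (r,) in rates([(h * 3600, c) for h, c in BAD_HOP]):
        print(f"{dt:5d}s  bad_hop/s={r:.2f}")
```
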