Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NSP
Lot of input errors on a NPE-G1 interface
gal.9430 at googlemail
May 22, 2012, 11:04 PM
Post #1 of 44 (15420 views)
Permalink
Hi,

I've some trouble with a NPE-G1 interface connected to a Catalyst
2960G switch via multimode cable. Input errors increases very fast.
Optics on both sides are original cisco. Average bandwidth is ~30-50
Mbps, burst bandwidth ~80-100 Mbps for a short period.

Configuration NPE-G1 interface:
----------------------------------------------
interface GigabitEthernet0/1
ip address x.x.x.x 255.255.255.240
no ip proxy-arp
ip route-cache flow
duplex full
speed 1000
media-type gbic
negotiation auto
ipv6 address x:x:x::x/64
no cdp enable

Configuration switch interface:
--------------------------------------------
!
interface GigabitEthernet0/23
description Cisco7204VXR
switchport access vlan 250
switchport mode access
spanning-tree portfast
!

Uptime:
-----------
Router uptime is 9 hours, 14 minutes
System returned to ROM by bus error at PC 0x621E0668, address
0x18680DD8 at 22:37:34 MET Tue May 22 2012
System restarted at 22:40:33 MET Tue May 22 2012
System image file is "disk2:c7200-adventerprisek9-mz.124-15.T13.bin"

NPE-G1:
------------
GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
0006.52f4.d81b)
Internet address is x.x.x.x/28
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 4264000 bits/sec, 871 packets/sec
5 minute output rate 5859000 bits/sec, 1597 packets/sec
27479327 packets input, 3434822229 bytes, 0 no buffer
Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
0 watchdog, 17119 multicast, 0 pause input
0 input packets with dribble condition detected
43616309 packets output, 2243854018 bytes, 0 underruns
5 output errors, 0 collisions, 4 interface resets
561 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
5 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Catalyst:
--------------
GigabitEthernet0/23 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 04fe.7f65.2197 (bia 04fe.7f65.2197)
Description: Cisco7204VXR
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 5582000 bits/sec, 1596 packets/sec
5 minute output rate 5445000 bits/sec, 1002 packets/sec
160765357185 packets input, 75815081907836 bytes, 0 no buffer
Received 580911 broadcasts (468086 multicasts)
0 runts, 0 giants, 0 throttles
5 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 468086 multicast, 343548 pause input
0 input packets with dribble condition detected
116641123524 packets output, 71833102673211 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

The last uptime was nearly 70 days and input errors round about 96k.
Does anyone have an explanation for that?


Thanks
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chris at uplogon
May 23, 2012, 8:18 AM
Post #2 of 44 (15268 views)
Permalink
First suggestion i would make is removing spanning-tree portfast from
the switch config.

You can also try increasing your hold queue on the 7204 with the command:

hold-queue <length> in

The recommendation is to increase in small increments, so i would
suggest starting with 100.

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml

On 5/23/2012 1:04 AM, gal.9430@googlemail.com wrote:
> Hi,
>
> I've some trouble with a NPE-G1 interface connected to a Catalyst
> 2960G switch via multimode cable. Input errors increases very fast.
> Optics on both sides are original cisco. Average bandwidth is ~30-50
> Mbps, burst bandwidth ~80-100 Mbps for a short period.
>
> Configuration NPE-G1 interface:
> ----------------------------------------------
> interface GigabitEthernet0/1
> ip address x.x.x.x 255.255.255.240
> no ip proxy-arp
> ip route-cache flow
> duplex full
> speed 1000
> media-type gbic
> negotiation auto
> ipv6 address x:x:x::x/64
> no cdp enable
>
> Configuration switch interface:
> --------------------------------------------
> !
> interface GigabitEthernet0/23
> description Cisco7204VXR
> switchport access vlan 250
> switchport mode access
> spanning-tree portfast
> !
>
> Uptime:
> -----------
> Router uptime is 9 hours, 14 minutes
> System returned to ROM by bus error at PC 0x621E0668, address
> 0x18680DD8 at 22:37:34 MET Tue May 22 2012
> System restarted at 22:40:33 MET Tue May 22 2012
> System image file is "disk2:c7200-adventerprisek9-mz.124-15.T13.bin"
>
> NPE-G1:
> ------------
> GigabitEthernet0/1 is up, line protocol is up
> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
> 0006.52f4.d81b)
> Internet address is x.x.x.x/28
> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
> reliability 255/255, txload 1/255, rxload 1/255
> Encapsulation ARPA, loopback not set
> Keepalive set (10 sec)
> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
> output flow-control is XON, input flow-control is XON
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input 00:00:00, output 00:00:00, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/40 (size/max)
> 5 minute input rate 4264000 bits/sec, 871 packets/sec
> 5 minute output rate 5859000 bits/sec, 1597 packets/sec
> 27479327 packets input, 3434822229 bytes, 0 no buffer
> Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
> 989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
> 0 watchdog, 17119 multicast, 0 pause input
> 0 input packets with dribble condition detected
> 43616309 packets output, 2243854018 bytes, 0 underruns
> 5 output errors, 0 collisions, 4 interface resets
> 561 unknown protocol drops
> 0 babbles, 0 late collision, 0 deferred
> 5 lost carrier, 0 no carrier, 0 pause output
> 0 output buffer failures, 0 output buffers swapped out
>
> Catalyst:
> --------------
> GigabitEthernet0/23 is up, line protocol is up (connected)
> Hardware is Gigabit Ethernet, address is 04fe.7f65.2197 (bia 04fe.7f65.2197)
> Description: Cisco7204VXR
> MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
> reliability 255/255, txload 1/255, rxload 1/255
> Encapsulation ARPA, loopback not set
> Keepalive not set
> Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
> input flow-control is off, output flow-control is unsupported
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input never, output 00:00:01, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/40 (size/max)
> 5 minute input rate 5582000 bits/sec, 1596 packets/sec
> 5 minute output rate 5445000 bits/sec, 1002 packets/sec
> 160765357185 packets input, 75815081907836 bytes, 0 no buffer
> Received 580911 broadcasts (468086 multicasts)
> 0 runts, 0 giants, 0 throttles
> 5 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> 0 watchdog, 468086 multicast, 343548 pause input
> 0 input packets with dribble condition detected
> 116641123524 packets output, 71833102673211 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collision, 0 deferred
> 0 lost carrier, 0 no carrier, 0 PAUSE output
> 0 output buffer failures, 0 output buffers swapped out
>
> The last uptime was nearly 70 days and input errors round about 96k.
> Does anyone have an explanation for that?
>
>
> Thanks
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 9:25 AM
Post #3 of 44 (15268 views)
Permalink
Hi Chris,

thx for pointing this out! But what happened if I increase the hold-queue
from 75 (default) to 200 or 400?


On Wed, May 23, 2012 at 5:18 PM, Chris Gotstein <chris@uplogon.com> wrote:
> First suggestion i would make is removing spanning-tree portfast from the
> switch config.
>
> You can also try increasing your hold queue on the 7204 with the command:
>
> hold-queue <length> in
>
> The recommendation is to increase in small increments, so i would suggest
> starting with 100.
>
> http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml
>
>
> On 5/23/2012 1:04 AM, gal.9430@googlemail.com wrote:
>>
>> Hi,
>>
>> I've some trouble with a NPE-G1 interface connected to a Catalyst
>> 2960G switch via multimode cable. Input errors increases very fast.
>> Optics on both sides are original cisco. Average bandwidth is ~30-50
>> Mbps, burst bandwidth ~80-100 Mbps for a short period.
>>
>> Configuration NPE-G1 interface:
>> ----------------------------------------------
>> interface GigabitEthernet0/1
>>  ip address x.x.x.x 255.255.255.240
>>  no ip proxy-arp
>>  ip route-cache flow
>>  duplex full
>>  speed 1000
>>  media-type gbic
>>  negotiation auto
>>  ipv6 address x:x:x::x/64
>>  no cdp enable
>>
>> Configuration switch interface:
>> --------------------------------------------
>> !
>> interface GigabitEthernet0/23
>>  description Cisco7204VXR
>>  switchport access vlan 250
>>  switchport mode access
>>  spanning-tree portfast
>> !
>>
>> Uptime:
>> -----------
>> Router uptime is 9 hours, 14 minutes
>> System returned to ROM by bus error at PC 0x621E0668, address
>> 0x18680DD8 at 22:37:34 MET Tue May 22 2012
>> System restarted at 22:40:33 MET Tue May 22 2012
>> System image file is "disk2:c7200-adventerprisek9-mz.124-15.T13.bin"
>>
>> NPE-G1:
>> ------------
>> GigabitEthernet0/1 is up, line protocol is up
>>   Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>> 0006.52f4.d81b)
>>   Internet address is x.x.x.x/28
>>   MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>      reliability 255/255, txload 1/255, rxload 1/255
>>   Encapsulation ARPA, loopback not set
>>   Keepalive set (10 sec)
>>   Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>   output flow-control is XON, input flow-control is XON
>>   ARP type: ARPA, ARP Timeout 04:00:00
>>   Last input 00:00:00, output 00:00:00, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
>>   Queueing strategy: fifo
>>   Output queue: 0/40 (size/max)
>>   5 minute input rate 4264000 bits/sec, 871 packets/sec
>>   5 minute output rate 5859000 bits/sec, 1597 packets/sec
>>      27479327 packets input, 3434822229 bytes, 0 no buffer
>>      Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
>>      989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
>>      0 watchdog, 17119 multicast, 0 pause input
>>      0 input packets with dribble condition detected
>>      43616309 packets output, 2243854018 bytes, 0 underruns
>>      5 output errors, 0 collisions, 4 interface resets
>>      561 unknown protocol drops
>>      0 babbles, 0 late collision, 0 deferred
>>      5 lost carrier, 0 no carrier, 0 pause output
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> Catalyst:
>> --------------
>> GigabitEthernet0/23 is up, line protocol is up (connected)
>>   Hardware is Gigabit Ethernet, address is 04fe.7f65.2197 (bia
>> 04fe.7f65.2197)
>>   Description: Cisco7204VXR
>>   MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
>>      reliability 255/255, txload 1/255, rxload 1/255
>>   Encapsulation ARPA, loopback not set
>>   Keepalive not set
>>   Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
>>   input flow-control is off, output flow-control is unsupported
>>   ARP type: ARPA, ARP Timeout 04:00:00
>>   Last input never, output 00:00:01, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>>   Queueing strategy: fifo
>>   Output queue: 0/40 (size/max)
>>   5 minute input rate 5582000 bits/sec, 1596 packets/sec
>>   5 minute output rate 5445000 bits/sec, 1002 packets/sec
>>      160765357185 packets input, 75815081907836 bytes, 0 no buffer
>>      Received 580911 broadcasts (468086 multicasts)
>>      0 runts, 0 giants, 0 throttles
>>      5 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>>      0 watchdog, 468086 multicast, 343548 pause input
>>      0 input packets with dribble condition detected
>>      116641123524 packets output, 71833102673211 bytes, 0 underruns
>>      0 output errors, 0 collisions, 0 interface resets
>>      0 babbles, 0 late collision, 0 deferred
>>      0 lost carrier, 0 no carrier, 0 PAUSE output
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> The last uptime was nearly 70 days and input errors round about 96k.
>> Does anyone have an explanation for that?
>>
>>
>> Thanks
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> --
> ---- ---- ---- ----
> Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
> http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chris at uplogon
May 23, 2012, 9:30 AM
Post #4 of 44 (15259 views)
Permalink
From Cisco:

Caution: An increase in the hold queue can have detrimental effects on
network routing and response times. For protocols that use SEQ/ACK
packets to determine round-trip times, do not increase the output queue.
Dropping packets instead informs hosts to slow down transmissions to
match available bandwidth. This is generally better than duplicate
copies of the same packet within the network, which can happen with
large hold queues.

Start small, i won't go much over 100, maybe 150. Clear counters and
see what the stats look like after you make the change.

On 5/23/2012 11:25 AM, gal.9430@googlemail.com wrote:
> Hi Chris,
>
> thx for pointing this out! But what happened if I increase the hold-queue
> from 75 (default) to 200 or 400?
>
>
> On Wed, May 23, 2012 at 5:18 PM, Chris Gotstein<chris@uplogon.com> wrote:
>> First suggestion i would make is removing spanning-tree portfast from the
>> switch config.
>>
>> You can also try increasing your hold queue on the 7204 with the command:
>>
>> hold-queue<length> in
>>
>> The recommendation is to increase in small increments, so i would suggest
>> starting with 100.
>>
>> http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml
>>
>>
>> On 5/23/2012 1:04 AM, gal.9430@googlemail.com wrote:
>>>
>>> Hi,
>>>
>>> I've some trouble with a NPE-G1 interface connected to a Catalyst
>>> 2960G switch via multimode cable. Input errors increases very fast.
>>> Optics on both sides are original cisco. Average bandwidth is ~30-50
>>> Mbps, burst bandwidth ~80-100 Mbps for a short period.
>>>
>>> Configuration NPE-G1 interface:
>>> ----------------------------------------------
>>> interface GigabitEthernet0/1
>>> ip address x.x.x.x 255.255.255.240
>>> no ip proxy-arp
>>> ip route-cache flow
>>> duplex full
>>> speed 1000
>>> media-type gbic
>>> negotiation auto
>>> ipv6 address x:x:x::x/64
>>> no cdp enable
>>>
>>> Configuration switch interface:
>>> --------------------------------------------
>>> !
>>> interface GigabitEthernet0/23
>>> description Cisco7204VXR
>>> switchport access vlan 250
>>> switchport mode access
>>> spanning-tree portfast
>>> !
>>>
>>> Uptime:
>>> -----------
>>> Router uptime is 9 hours, 14 minutes
>>> System returned to ROM by bus error at PC 0x621E0668, address
>>> 0x18680DD8 at 22:37:34 MET Tue May 22 2012
>>> System restarted at 22:40:33 MET Tue May 22 2012
>>> System image file is "disk2:c7200-adventerprisek9-mz.124-15.T13.bin"
>>>
>>> NPE-G1:
>>> ------------
>>> GigabitEthernet0/1 is up, line protocol is up
>>> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>> 0006.52f4.d81b)
>>> Internet address is x.x.x.x/28
>>> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>> reliability 255/255, txload 1/255, rxload 1/255
>>> Encapsulation ARPA, loopback not set
>>> Keepalive set (10 sec)
>>> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>> output flow-control is XON, input flow-control is XON
>>> ARP type: ARPA, ARP Timeout 04:00:00
>>> Last input 00:00:00, output 00:00:00, output hang never
>>> Last clearing of "show interface" counters never
>>> Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
>>> Queueing strategy: fifo
>>> Output queue: 0/40 (size/max)
>>> 5 minute input rate 4264000 bits/sec, 871 packets/sec
>>> 5 minute output rate 5859000 bits/sec, 1597 packets/sec
>>> 27479327 packets input, 3434822229 bytes, 0 no buffer
>>> Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
>>> 989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
>>> 0 watchdog, 17119 multicast, 0 pause input
>>> 0 input packets with dribble condition detected
>>> 43616309 packets output, 2243854018 bytes, 0 underruns
>>> 5 output errors, 0 collisions, 4 interface resets
>>> 561 unknown protocol drops
>>> 0 babbles, 0 late collision, 0 deferred
>>> 5 lost carrier, 0 no carrier, 0 pause output
>>> 0 output buffer failures, 0 output buffers swapped out
>>>
>>> Catalyst:
>>> --------------
>>> GigabitEthernet0/23 is up, line protocol is up (connected)
>>> Hardware is Gigabit Ethernet, address is 04fe.7f65.2197 (bia
>>> 04fe.7f65.2197)
>>> Description: Cisco7204VXR
>>> MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
>>> reliability 255/255, txload 1/255, rxload 1/255
>>> Encapsulation ARPA, loopback not set
>>> Keepalive not set
>>> Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
>>> input flow-control is off, output flow-control is unsupported
>>> ARP type: ARPA, ARP Timeout 04:00:00
>>> Last input never, output 00:00:01, output hang never
>>> Last clearing of "show interface" counters never
>>> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>>> Queueing strategy: fifo
>>> Output queue: 0/40 (size/max)
>>> 5 minute input rate 5582000 bits/sec, 1596 packets/sec
>>> 5 minute output rate 5445000 bits/sec, 1002 packets/sec
>>> 160765357185 packets input, 75815081907836 bytes, 0 no buffer
>>> Received 580911 broadcasts (468086 multicasts)
>>> 0 runts, 0 giants, 0 throttles
>>> 5 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>>> 0 watchdog, 468086 multicast, 343548 pause input
>>> 0 input packets with dribble condition detected
>>> 116641123524 packets output, 71833102673211 bytes, 0 underruns
>>> 0 output errors, 0 collisions, 0 interface resets
>>> 0 babbles, 0 late collision, 0 deferred
>>> 0 lost carrier, 0 no carrier, 0 PAUSE output
>>> 0 output buffer failures, 0 output buffers swapped out
>>>
>>> The last uptime was nearly 70 days and input errors round about 96k.
>>> Does anyone have an explanation for that?
>>>
>>>
>>> Thanks
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>> --
>> ---- ---- ---- ----
>> Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
>> http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 23, 2012, 10:57 AM
Post #5 of 44 (15241 views)
Permalink
Hi,

On Wed, May 23, 2012 at 10:18:45AM -0500, Chris Gotstein wrote:
> First suggestion i would make is removing spanning-tree portfast from
> the switch config.

How exactly is that going to *help* with overruns?

All it will do is annoy you after a link flap, and if you run rstp, it
will annoy half your network after a flap on that link.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chris at uplogon
May 23, 2012, 11:15 AM
Post #6 of 44 (15246 views)
Permalink
It's probably not going to address the overrun issue, but from a best
practices stand point, it should not be enabled on interfaces that
connected to other connected devices, ie a router or switch.

On 5/23/2012 12:57 PM, Gert Doering wrote:
> Hi,
>
> On Wed, May 23, 2012 at 10:18:45AM -0500, Chris Gotstein wrote:
>> First suggestion i would make is removing spanning-tree portfast from
>> the switch config.
>
> How exactly is that going to *help* with overruns?
>
> All it will do is annoy you after a link flap, and if you run rstp, it
> will annoy half your network after a flap on that link.
>
> gert

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mhuff at ox
May 23, 2012, 11:23 AM
Post #7 of 44 (15289 views)
Permalink
Can you explain why it is a best practice to disable portfast connected to a
L3 device such as a router? Switch, obviously, but a router?


----
Matthew Huff  | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139


> -----Original Message-----
> From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-
> bounces@puck.nether.net] On Behalf Of Chris Gotstein
> Sent: Wednesday, May 23, 2012 2:15 PM
> To: Gert Doering
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>
> It's probably not going to address the overrun issue, but from a best
> practices stand point, it should not be enabled on interfaces that
> connected to other connected devices, ie a router or switch.
>
> On 5/23/2012 12:57 PM, Gert Doering wrote:
> > Hi,
> >
> > On Wed, May 23, 2012 at 10:18:45AM -0500, Chris Gotstein wrote:
> >> First suggestion i would make is removing spanning-tree portfast
> from
> >> the switch config.
> >
> > How exactly is that going to *help* with overruns?
> >
> > All it will do is annoy you after a link flap, and if you run rstp,
> it
> > will annoy half your network after a flap on that link.
> >
> > gert
>
> --
> ---- ---- ---- ----
> Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
> http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

Attached Files:

Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 23, 2012, 11:29 AM
Post #8 of 44 (15200 views)
Permalink
Hi,

On Wed, May 23, 2012 at 01:15:16PM -0500, Chris Gotstein wrote:
> It's probably not going to address the overrun issue, but from a best
> practices stand point, it should not be enabled on interfaces that
> connected to other connected devices, ie a router or switch.

Uh, so it should only be turned on for switchports that connect to...
"no device"?

Anyway: right for "to switch", dead wrong for "to router". It should be
turned on for any connection that is known to not go to a switch or hub,
and doubly so if rapid-pvstp is used (due to TCNs being sent on a link
flap otherwise, possibly causing stalls elsewhere).

As far as a switch is concerned, a "router" is the same thing as "a host" -
it doesn't forward layer2 things, so can't cause a routing loop.

gert

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chris at uplogon
May 23, 2012, 12:18 PM
Post #9 of 44 (15243 views)
Permalink
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.

My understanding of this was a router would be included as well since
it's used to connect multiple hosts. I only enable portfast on ports
connected to end-user devices. I don't see a good reason to enable it
on ports connected to routers, but that's just how it was explained to
me, I very well could be wrong.

On 5/23/2012 1:29 PM, Gert Doering wrote:
> Hi,
>
> On Wed, May 23, 2012 at 01:15:16PM -0500, Chris Gotstein wrote:
>> It's probably not going to address the overrun issue, but from a best
>> practices stand point, it should not be enabled on interfaces that
>> connected to other connected devices, ie a router or switch.
>
> Uh, so it should only be turned on for switchports that connect to...
> "no device"?
>
> Anyway: right for "to switch", dead wrong for "to router". It should be
> turned on for any connection that is known to not go to a switch or hub,
> and doubly so if rapid-pvstp is used (due to TCNs being sent on a link
> flap otherwise, possibly causing stalls elsewhere).
>
> As far as a switch is concerned, a "router" is the same thing as "a host" -
> it doesn't forward layer2 things, so can't cause a routing loop.
>
> gert
>

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 23, 2012, 12:23 PM
Post #10 of 44 (15210 views)
Permalink
" hubs, concentrators, switches, bridges, etc... to this interface
when portfast is enabled, can cause temporary bridging loops."

Those are all Layer 2 devices. A router is a layer 3 device (unless you
explicitly turn bridging on).

Ken Matlock
Network Analyst
303-467-4671
matlockk@exempla.org




-----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of Chris Gotstein
Sent: Wednesday, May 23, 2012 1:19 PM
To: Gert Doering
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.

My understanding of this was a router would be included as well since
it's used to connect multiple hosts. I only enable portfast on ports
connected to end-user devices. I don't see a good reason to enable it
on ports connected to routers, but that's just how it was explained to
me, I very well could be wrong.

On 5/23/2012 1:29 PM, Gert Doering wrote:
> Hi,
>
> On Wed, May 23, 2012 at 01:15:16PM -0500, Chris Gotstein wrote:
>> It's probably not going to address the overrun issue, but from a best

>> practices stand point, it should not be enabled on interfaces that
>> connected to other connected devices, ie a router or switch.
>
> Uh, so it should only be turned on for switchports that connect to...
> "no device"?
>
> Anyway: right for "to switch", dead wrong for "to router". It should
> be turned on for any connection that is known to not go to a switch or

> hub, and doubly so if rapid-pvstp is used (due to TCNs being sent on a

> link flap otherwise, possibly causing stalls elsewhere).
>
> As far as a switch is concerned, a "router" is the same thing as "a
> host" - it doesn't forward layer2 things, so can't cause a routing
loop.
>
> gert
>

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
p.mayers at imperial
May 23, 2012, 12:27 PM
Post #11 of 44 (15192 views)
Permalink
On 05/23/2012 08:18 PM, Chris Gotstein wrote:
> %Warning: portfast should only be enabled on ports connected to a single
> host. Connecting hubs, concentrators, switches, bridges, etc… to this
> interface when portfast is enabled, can cause temporary bridging loops.
>
> My understanding of this was a router would be included as well since
> it's used to connect multiple hosts.

If you don't enable portfast, you have to suffer the STP state
transitions, which lead to delays in traffic forwarding after link-up.

Portfast basically means: "This port is unlikely to be connected to
another bridge or hub, so skip the LISTENING/LEARNING transitions and
jump straight to forwarding; if it goes wrong, STP will close the loop
shortly."

It's not magic; and it should be enabled on all host ports. Routers are
hosts, at layer2.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 12:33 PM
Post #12 of 44 (15257 views)
Permalink
Hi,

thanks all for the input.

Increasing the hold-queue (from default to 100) doesn't seem to help at all:

GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
0006.52f4.d81b)
Internet address is x.x.x.x/28
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 02:17:11
Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 10536000 bits/sec, 1824 packets/sec
5 minute output rate 6813000 bits/sec, 2121 packets/sec
11770910 packets input, 2922271410 bytes, 0 no buffer
Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
0 watchdog, 4242 multicast, 0 pause input
0 input packets with dribble condition detected
14975201 packets output, 1820911878 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
137 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Will go from 100 to 150 and see whats happen.



On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>
>> %Warning: portfast should only be enabled on ports connected to a single
>> host. Connecting hubs, concentrators, switches, bridges, etc… to this
>> interface when portfast is enabled, can cause temporary bridging loops.
>>
>> My understanding of this was a router would be included as well since
>> it's used to connect multiple hosts.
>
>
> If you don't enable portfast, you have to suffer the STP state transitions,
> which lead to delays in traffic forwarding after link-up.
>
> Portfast basically means: "This port is unlikely to be connected to another
> bridge or hub, so skip the LISTENING/LEARNING transitions and jump straight
> to forwarding; if it goes wrong, STP will close the loop shortly."
>
> It's not magic; and it should be enabled on all host ports. Routers are
> hosts, at layer2.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chris at uplogon
May 23, 2012, 1:02 PM
Post #13 of 44 (15226 views)
Permalink
I always just played it safe, but now i'm better informed, thank you.

On 5/23/2012 2:27 PM, Phil Mayers wrote:
> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>> %Warning: portfast should only be enabled on ports connected to a single
>> host. Connecting hubs, concentrators, switches, bridges, etc… to this
>> interface when portfast is enabled, can cause temporary bridging loops.
>>
>> My understanding of this was a router would be included as well since
>> it's used to connect multiple hosts.
>
> If you don't enable portfast, you have to suffer the STP state
> transitions, which lead to delays in traffic forwarding after link-up.
>
> Portfast basically means: "This port is unlikely to be connected to
> another bridge or hub, so skip the LISTENING/LEARNING transitions and
> jump straight to forwarding; if it goes wrong, STP will close the loop
> shortly."
>
> It's not magic; and it should be enabled on all host ports. Routers are
> hosts, at layer2.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mark.tinka at seacom
May 23, 2012, 1:03 PM
Post #14 of 44 (15215 views)
Permalink
On Wednesday, May 23, 2012 09:23:03 PM Matlock, Kenneth L
wrote:

> " hubs, concentrators, switches, bridges, etc... to this
> interface when portfast is enabled, can cause temporary
> bridging loops."
>
> Those are all Layer 2 devices. A router is a layer 3
> device (unless you explicitly turn bridging on).

We disable Portfast for all 802.1Q trunks, regardless of
whether they're going to routers or switches.

If an engineer moves connections by mistake, or plugs the
trunk from the switch into another switch by mistake,
instead of a router, you have that protection.

The 50-odd seconds required for the STP state machine to
raech a Forwarding situation is a small price to pay for
this safety, in my opinion (Lord knows how many times we've
been saved by blocking Edge ports on BPDU receipt).

Of course, the topologies have a part to play in one's
thought process; if there is redundancy between the switches
and their uplink routers, it's not such a big deal. But if
services that rely on things like TFTP or DHCP are of
importance, one has to rethink this for their network.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 23, 2012, 1:04 PM
Post #15 of 44 (15249 views)
Permalink
Think of it this way. What does Portfast do? It allows you to skip from
blocking to forwarding, bypassing listening and learning states.

If you have portfast enabled to a L2 device, and that L2 device also has
another connection to the same L2 you've created a bridging loop until
the first BPDU comes in and the switch disables one of the ports
involved.

Now, configuring portfast on a port going to and end host or router is
fairly benign since there's no other link to the same L2 bridged through
the device. You'd have to plug 2 ports from the end device (or router)
into the same L2, and explicitly configure them to be bridged in order
to create a bridging loop. But normally you're only going to plug a
single cable from an end device into the L2 so you know bridging loops
won't get created, so it's 'safe' to skip listening/learning steps and
go right to forwarding, to decrease the time it takes for the device to
be 'live'.

Make sense?

Ken Matlock
Network Analyst
303-467-4671
matlockk@exempla.org




-----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of Matlock, Kenneth
L
Sent: Wednesday, May 23, 2012 1:23 PM
To: Chris Gotstein; Gert Doering
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

" hubs, concentrators, switches, bridges, etc... to this interface when
portfast is enabled, can cause temporary bridging loops."

Those are all Layer 2 devices. A router is a layer 3 device (unless you
explicitly turn bridging on).

Ken Matlock
Network Analyst
303-467-4671
matlockk@exempla.org




-----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of Chris Gotstein
Sent: Wednesday, May 23, 2012 1:19 PM
To: Gert Doering
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.

My understanding of this was a router would be included as well since
it's used to connect multiple hosts. I only enable portfast on ports
connected to end-user devices. I don't see a good reason to enable it
on ports connected to routers, but that's just how it was explained to
me, I very well could be wrong.

On 5/23/2012 1:29 PM, Gert Doering wrote:
> Hi,
>
> On Wed, May 23, 2012 at 01:15:16PM -0500, Chris Gotstein wrote:
>> It's probably not going to address the overrun issue, but from a best

>> practices stand point, it should not be enabled on interfaces that
>> connected to other connected devices, ie a router or switch.
>
> Uh, so it should only be turned on for switchports that connect to...
> "no device"?
>
> Anyway: right for "to switch", dead wrong for "to router". It should
> be turned on for any connection that is known to not go to a switch or

> hub, and doubly so if rapid-pvstp is used (due to TCNs being sent on a

> link flap otherwise, possibly causing stalls elsewhere).
>
> As far as a switch is concerned, a "router" is the same thing as "a
> host" - it doesn't forward layer2 things, so can't cause a routing
loop.
>
> gert
>

--
---- ---- ---- ----
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | chris@uplogon.com
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
*** Exempla Confidentiality Notice *** The information contained in this
message may be privileged and confidential and protected from
disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any other
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
notify me immediately by replying to the message and deleting it from
your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 23, 2012, 1:24 PM
Post #16 of 44 (15215 views)
Permalink
Hi,

On Wed, May 23, 2012 at 02:04:58PM -0600, Matlock, Kenneth L wrote:
> Think of it this way. What does Portfast do? It allows you to skip from
> blocking to forwarding, bypassing listening and learning states.

Plus, it changes TCN behaviour for rapid-pvstp for flaps on that port.

That's one of the often-overlooked side effects.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 23, 2012, 1:30 PM
Post #17 of 44 (15197 views)
Permalink
True, if a portfast port bounces it doesn't trigger a TCN, which then
doesn't trigger CAM table flushes.

Ken Matlock
Network Analyst
303-467-4671
matlockk@exempla.org




-----Original Message-----
From: Gert Doering [mailto:gert@greenie.muc.de]
Sent: Wednesday, May 23, 2012 2:25 PM
To: Matlock, Kenneth L
Cc: Chris Gotstein; Gert Doering; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

Hi,

On Wed, May 23, 2012 at 02:04:58PM -0600, Matlock, Kenneth L wrote:
> Think of it this way. What does Portfast do? It allows you to skip
> from blocking to forwarding, bypassing listening and learning states.

Plus, it changes TCN behaviour for rapid-pvstp for flaps on that port.

That's one of the often-overlooked side effects.

gert
--
USENET is *not* the non-clickable part of WWW!

//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert@greenie.muc.de
fax: +49-89-35655025
gert@net.informatik.tu-muenchen.de
*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
sigurbjornl at vodafone
May 23, 2012, 1:40 PM
Post #18 of 44 (15207 views)
Permalink
Is this the only traffic going through this 7200?

How is your scheduler allocate set on the 7200, have you tried a new cable
and cleaning the optics?

Kind regards,
Sibbi

On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
wrote:

>Hi,
>
>thanks all for the input.
>
>Increasing the hold-queue (from default to 100) doesn't seem to help at
>all:
>
>GigabitEthernet0/1 is up, line protocol is up
> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>0006.52f4.d81b)
> Internet address is x.x.x.x/28
> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
> reliability 255/255, txload 1/255, rxload 2/255
> Encapsulation ARPA, loopback not set
> Keepalive set (10 sec)
> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
> output flow-control is XON, input flow-control is XON
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input 00:00:00, output 00:00:00, output hang never
> Last clearing of "show interface" counters 02:17:11
> Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/40 (size/max)
> 5 minute input rate 10536000 bits/sec, 1824 packets/sec
> 5 minute output rate 6813000 bits/sec, 2121 packets/sec
> 11770910 packets input, 2922271410 bytes, 0 no buffer
> Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
> 341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
> 0 watchdog, 4242 multicast, 0 pause input
> 0 input packets with dribble condition detected
> 14975201 packets output, 1820911878 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 137 unknown protocol drops
> 0 babbles, 0 late collision, 0 deferred
> 0 lost carrier, 0 no carrier, 0 pause output
> 0 output buffer failures, 0 output buffers swapped out
>
>Will go from 100 to 150 and see whats happen.
>
>
>
>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>wrote:
>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>
>>> %Warning: portfast should only be enabled on ports connected to a
>>>single
>>> host. Connecting hubs, concentrators, switches, bridges, etcŠ to this
>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>
>>> My understanding of this was a router would be included as well since
>>> it's used to connect multiple hosts.
>>
>>
>> If you don't enable portfast, you have to suffer the STP state
>>transitions,
>> which lead to delays in traffic forwarding after link-up.
>>
>> Portfast basically means: "This port is unlikely to be connected to
>>another
>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>straight
>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>
>> It's not magic; and it should be enabled on all host ports. Routers are
>> hosts, at layer2.
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 2:00 PM
Post #19 of 44 (15193 views)
Permalink
> Is this the only traffic going through this 7200?

No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
connected to an eBGP peer
who sends a full table.

> How is your scheduler allocate set on the 7200...

Default value, not changed.

> ...have you tried a new cable and cleaning the optics?

New cable: yes
Cleaning the optics: no



On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
<sigurbjornl@vodafone.is> wrote:
> Is this the only traffic going through this 7200?
>
> How is your scheduler allocate set on the 7200, have you tried a new cable
> and cleaning the optics?
>
> Kind regards,
> Sibbi
>
> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
> wrote:
>
>>Hi,
>>
>>thanks all for the input.
>>
>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>all:
>>
>>GigabitEthernet0/1 is up, line protocol is up
>>  Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>0006.52f4.d81b)
>>  Internet address is x.x.x.x/28
>>  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>     reliability 255/255, txload 1/255, rxload 2/255
>>  Encapsulation ARPA, loopback not set
>>  Keepalive set (10 sec)
>>  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>  output flow-control is XON, input flow-control is XON
>>  ARP type: ARPA, ARP Timeout 04:00:00
>>  Last input 00:00:00, output 00:00:00, output hang never
>>  Last clearing of "show interface" counters 02:17:11
>>  Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>  Queueing strategy: fifo
>>  Output queue: 0/40 (size/max)
>>  5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>  5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>     11770910 packets input, 2922271410 bytes, 0 no buffer
>>     Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>     341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>     0 watchdog, 4242 multicast, 0 pause input
>>     0 input packets with dribble condition detected
>>     14975201 packets output, 1820911878 bytes, 0 underruns
>>     0 output errors, 0 collisions, 0 interface resets
>>     137 unknown protocol drops
>>     0 babbles, 0 late collision, 0 deferred
>>     0 lost carrier, 0 no carrier, 0 pause output
>>     0 output buffer failures, 0 output buffers swapped out
>>
>>Will go from 100 to 150 and see whats happen.
>>
>>
>>
>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>wrote:
>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>
>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>single
>>>> host. Connecting hubs, concentrators, switches, bridges, etcÅ  to this
>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>
>>>> My understanding of this was a router would be included as well since
>>>> it's used to connect multiple hosts.
>>>
>>>
>>> If you don't enable portfast, you have to suffer the STP state
>>>transitions,
>>> which lead to delays in traffic forwarding after link-up.
>>>
>>> Portfast basically means: "This port is unlikely to be connected to
>>>another
>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>straight
>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>
>>> It's not magic; and it should be enabled on all host ports. Routers are
>>> hosts, at layer2.
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
Edward.Salonia at ipsoft
May 23, 2012, 2:16 PM
Post #20 of 44 (15257 views)
Permalink
Drops and overruns... Sounds like you are overloading your port buffer. Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?

- Ed

-----Original Message-----
From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of gal.9430@googlemail.com
Sent: Wednesday, May 23, 2012 5:00 PM
To: Sigurbjörn Birkir Lárusson
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

> Is this the only traffic going through this 7200?

No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
connected to an eBGP peer
who sends a full table.

> How is your scheduler allocate set on the 7200...

Default value, not changed.

> ...have you tried a new cable and cleaning the optics?

New cable: yes
Cleaning the optics: no



On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
<sigurbjornl@vodafone.is> wrote:
> Is this the only traffic going through this 7200?
>
> How is your scheduler allocate set on the 7200, have you tried a new cable
> and cleaning the optics?
>
> Kind regards,
> Sibbi
>
> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
> wrote:
>
>>Hi,
>>
>>thanks all for the input.
>>
>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>all:
>>
>>GigabitEthernet0/1 is up, line protocol is up
>>  Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>0006.52f4.d81b)
>>  Internet address is x.x.x.x/28
>>  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>     reliability 255/255, txload 1/255, rxload 2/255
>>  Encapsulation ARPA, loopback not set
>>  Keepalive set (10 sec)
>>  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>  output flow-control is XON, input flow-control is XON
>>  ARP type: ARPA, ARP Timeout 04:00:00
>>  Last input 00:00:00, output 00:00:00, output hang never
>>  Last clearing of "show interface" counters 02:17:11
>>  Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>  Queueing strategy: fifo
>>  Output queue: 0/40 (size/max)
>>  5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>  5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>     11770910 packets input, 2922271410 bytes, 0 no buffer
>>     Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>     341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>     0 watchdog, 4242 multicast, 0 pause input
>>     0 input packets with dribble condition detected
>>     14975201 packets output, 1820911878 bytes, 0 underruns
>>     0 output errors, 0 collisions, 0 interface resets
>>     137 unknown protocol drops
>>     0 babbles, 0 late collision, 0 deferred
>>     0 lost carrier, 0 no carrier, 0 pause output
>>     0 output buffer failures, 0 output buffers swapped out
>>
>>Will go from 100 to 150 and see whats happen.
>>
>>
>>
>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>wrote:
>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>
>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>single
>>>> host. Connecting hubs, concentrators, switches, bridges, etcÅ  to this
>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>
>>>> My understanding of this was a router would be included as well since
>>>> it's used to connect multiple hosts.
>>>
>>>
>>> If you don't enable portfast, you have to suffer the STP state
>>>transitions,
>>> which lead to delays in traffic forwarding after link-up.
>>>
>>> Portfast basically means: "This port is unlikely to be connected to
>>>another
>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>straight
>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>
>>> It's not magic; and it should be enabled on all host ports. Routers are
>>> hosts, at layer2.
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 2:24 PM
Post #21 of 44 (15194 views)
Permalink
> Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?

No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
polling in a 1 min interval.


On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
<Edward.Salonia@ipsoft.com> wrote:
> Drops and overruns... Sounds like you are overloading your port buffer. Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>
> - Ed
>
> -----Original Message-----
> From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of gal.9430@googlemail.com
> Sent: Wednesday, May 23, 2012 5:00 PM
> To: Sigurbjörn Birkir Lárusson
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>
>> Is this the only traffic going through this 7200?
>
> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
> connected to an eBGP peer
> who sends a full table.
>
>> How is your scheduler allocate set on the 7200...
>
> Default value, not changed.
>
>> ...have you tried a new cable and cleaning the optics?
>
> New cable: yes
> Cleaning the optics: no
>
>
>
> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
> <sigurbjornl@vodafone.is> wrote:
>> Is this the only traffic going through this 7200?
>>
>> How is your scheduler allocate set on the 7200, have you tried a new cable
>> and cleaning the optics?
>>
>> Kind regards,
>> Sibbi
>>
>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>> wrote:
>>
>>>Hi,
>>>
>>>thanks all for the input.
>>>
>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>all:
>>>
>>>GigabitEthernet0/1 is up, line protocol is up
>>>  Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>0006.52f4.d81b)
>>>  Internet address is x.x.x.x/28
>>>  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>>     reliability 255/255, txload 1/255, rxload 2/255
>>>  Encapsulation ARPA, loopback not set
>>>  Keepalive set (10 sec)
>>>  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>>  output flow-control is XON, input flow-control is XON
>>>  ARP type: ARPA, ARP Timeout 04:00:00
>>>  Last input 00:00:00, output 00:00:00, output hang never
>>>  Last clearing of "show interface" counters 02:17:11
>>>  Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>>  Queueing strategy: fifo
>>>  Output queue: 0/40 (size/max)
>>>  5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>>  5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>>     11770910 packets input, 2922271410 bytes, 0 no buffer
>>>     Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>>     341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>>     0 watchdog, 4242 multicast, 0 pause input
>>>     0 input packets with dribble condition detected
>>>     14975201 packets output, 1820911878 bytes, 0 underruns
>>>     0 output errors, 0 collisions, 0 interface resets
>>>     137 unknown protocol drops
>>>     0 babbles, 0 late collision, 0 deferred
>>>     0 lost carrier, 0 no carrier, 0 pause output
>>>     0 output buffer failures, 0 output buffers swapped out
>>>
>>>Will go from 100 to 150 and see whats happen.
>>>
>>>
>>>
>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>wrote:
>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>
>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>single
>>>>> host. Connecting hubs, concentrators, switches, bridges, etcÅ  to this
>>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>>
>>>>> My understanding of this was a router would be included as well since
>>>>> it's used to connect multiple hosts.
>>>>
>>>>
>>>> If you don't enable portfast, you have to suffer the STP state
>>>>transitions,
>>>> which lead to delays in traffic forwarding after link-up.
>>>>
>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>another
>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>straight
>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>
>>>> It's not magic; and it should be enabled on all host ports. Routers are
>>>> hosts, at layer2.
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>_______________________________________________
>>>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
sigurbjornl at vodafone
May 23, 2012, 4:10 PM
Post #22 of 44 (15201 views)
Permalink
Similar traffic on the other port I assume, outbound port for the router?
No input errors there?

If you also see input errors and overruns on the other port, the CPU is
probably having issues emptying the buffer before it runs out of buffer
space which would suggest high CPU usage during the times when the
overruns are occuring. Then you should look at why that is the case, it's
not enough traffic to really cause that issue, but you might have other
features enabled that are causing the box to use a lot of cpu.

If there are no errors on the other port, it's more likely that this is a
layer 1 problem, and you should try replacing the optics if you have
spares or cleaning the existing ones

Kind regards,
Sibbi

On 23.5.2012 21:24, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
wrote:

>> Are you getting bursts of traffic that might not register on traffic
>>graphs polling at 5 minute intervals?
>
>No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
>polling in a 1 min interval.
>
>
>On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
><Edward.Salonia@ipsoft.com> wrote:
>> Drops and overruns... Sounds like you are overloading your port buffer.
>>Are you getting bursts of traffic that might not register on traffic
>>graphs polling at 5 minute intervals?
>>
>> - Ed
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces@puck.nether.net
>>[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of
>>gal.9430@googlemail.com
>> Sent: Wednesday, May 23, 2012 5:00 PM
>> To: Sigurbjörn Birkir Lárusson
>> Cc: cisco-nsp@puck.nether.net
>> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>>
>>> Is this the only traffic going through this 7200?
>>
>> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
>> connected to an eBGP peer
>> who sends a full table.
>>
>>> How is your scheduler allocate set on the 7200...
>>
>> Default value, not changed.
>>
>>> ...have you tried a new cable and cleaning the optics?
>>
>> New cable: yes
>> Cleaning the optics: no
>>
>>
>>
>> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
>> <sigurbjornl@vodafone.is> wrote:
>>> Is this the only traffic going through this 7200?
>>>
>>> How is your scheduler allocate set on the 7200, have you tried a new
>>>cable
>>> and cleaning the optics?
>>>
>>> Kind regards,
>>> Sibbi
>>>
>>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>>> wrote:
>>>
>>>>Hi,
>>>>
>>>>thanks all for the input.
>>>>
>>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>>all:
>>>>
>>>>GigabitEthernet0/1 is up, line protocol is up
>>>> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>>0006.52f4.d81b)
>>>> Internet address is x.x.x.x/28
>>>> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>>> reliability 255/255, txload 1/255, rxload 2/255
>>>> Encapsulation ARPA, loopback not set
>>>> Keepalive set (10 sec)
>>>> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>>> output flow-control is XON, input flow-control is XON
>>>> ARP type: ARPA, ARP Timeout 04:00:00
>>>> Last input 00:00:00, output 00:00:00, output hang never
>>>> Last clearing of "show interface" counters 02:17:11
>>>> Input queue: 0/100/742/0 (size/max/drops/flushes); Total output
>>>>drops: 0
>>>> Queueing strategy: fifo
>>>> Output queue: 0/40 (size/max)
>>>> 5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>>> 5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>>> 11770910 packets input, 2922271410 bytes, 0 no buffer
>>>> Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>>> 341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>>> 0 watchdog, 4242 multicast, 0 pause input
>>>> 0 input packets with dribble condition detected
>>>> 14975201 packets output, 1820911878 bytes, 0 underruns
>>>> 0 output errors, 0 collisions, 0 interface resets
>>>> 137 unknown protocol drops
>>>> 0 babbles, 0 late collision, 0 deferred
>>>> 0 lost carrier, 0 no carrier, 0 pause output
>>>> 0 output buffer failures, 0 output buffers swapped out
>>>>
>>>>Will go from 100 to 150 and see whats happen.
>>>>
>>>>
>>>>
>>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>>wrote:
>>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>>
>>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>>single
>>>>>> host. Connecting hubs, concentrators, switches, bridges, etc© to
>>>>>>this
>>>>>> interface when portfast is enabled, can cause temporary bridging
>>>>>>loops.
>>>>>>
>>>>>> My understanding of this was a router would be included as well
>>>>>>since
>>>>>> it's used to connect multiple hosts.
>>>>>
>>>>>
>>>>> If you don't enable portfast, you have to suffer the STP state
>>>>>transitions,
>>>>> which lead to delays in traffic forwarding after link-up.
>>>>>
>>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>>another
>>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>>straight
>>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>>
>>>>> It's not magic; and it should be enabled on all host ports. Routers
>>>>>are
>>>>> hosts, at layer2.
>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>>_______________________________________________
>>>>cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 23, 2012, 4:13 PM
Post #23 of 44 (15220 views)
Permalink
The problem with a 1 minute interval is that you can EASILY be bursting well above that for short periods of time. remember that 80-100Mbps is an average over the entire 1 minute.

Are you running QoS or Netflow on this box?

Ken

________________________________

From: cisco-nsp-bounces@puck.nether.net on behalf of gal.9430@googlemail.com
Sent: Wed 5/23/2012 3:24 PM
To: Edward Salonia
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface



> Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?

No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
polling in a 1 min interval.


On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
<Edward.Salonia@ipsoft.com> wrote:
> Drops and overruns... Sounds like you are overloading your port buffer. Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>
> - Ed
>
> -----Original Message-----
> From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of gal.9430@googlemail.com
> Sent: Wednesday, May 23, 2012 5:00 PM
> To: Sigurbjörn Birkir Lárusson
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>
>> Is this the only traffic going through this 7200?
>
> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
> connected to an eBGP peer
> who sends a full table.
>
>> How is your scheduler allocate set on the 7200...
>
> Default value, not changed.
>
>> ...have you tried a new cable and cleaning the optics?
>
> New cable: yes
> Cleaning the optics: no
>
>
>
> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
> <sigurbjornl@vodafone.is> wrote:
>> Is this the only traffic going through this 7200?
>>
>> How is your scheduler allocate set on the 7200, have you tried a new cable
>> and cleaning the optics?
>>
>> Kind regards,
>> Sibbi
>>
>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>> wrote:
>>
>>>Hi,
>>>
>>>thanks all for the input.
>>>
>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>all:
>>>
>>>GigabitEthernet0/1 is up, line protocol is up
>>> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>0006.52f4.d81b)
>>> Internet address is x.x.x.x/28
>>> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>> reliability 255/255, txload 1/255, rxload 2/255
>>> Encapsulation ARPA, loopback not set
>>> Keepalive set (10 sec)
>>> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>> output flow-control is XON, input flow-control is XON
>>> ARP type: ARPA, ARP Timeout 04:00:00
>>> Last input 00:00:00, output 00:00:00, output hang never
>>> Last clearing of "show interface" counters 02:17:11
>>> Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>> Queueing strategy: fifo
>>> Output queue: 0/40 (size/max)
>>> 5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>> 5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>> 11770910 packets input, 2922271410 bytes, 0 no buffer
>>> Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>> 341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>> 0 watchdog, 4242 multicast, 0 pause input
>>> 0 input packets with dribble condition detected
>>> 14975201 packets output, 1820911878 bytes, 0 underruns
>>> 0 output errors, 0 collisions, 0 interface resets
>>> 137 unknown protocol drops
>>> 0 babbles, 0 late collision, 0 deferred
>>> 0 lost carrier, 0 no carrier, 0 pause output
>>> 0 output buffer failures, 0 output buffers swapped out
>>>
>>>Will go from 100 to 150 and see whats happen.
>>>
>>>
>>>
>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>wrote:
>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>
>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>single
>>>>> host. Connecting hubs, concentrators, switches, bridges, etcS to this
>>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>>
>>>>> My understanding of this was a router would be included as well since
>>>>> it's used to connect multiple hosts.
>>>>
>>>>
>>>> If you don't enable portfast, you have to suffer the STP state
>>>>transitions,
>>>> which lead to delays in traffic forwarding after link-up.
>>>>
>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>another
>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>straight
>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>
>>>> It's not magic; and it should be enabled on all host ports. Routers are
>>>> hosts, at layer2.
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>_______________________________________________
>>>cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
dfarrell at tibus
May 23, 2012, 10:16 PM
Post #24 of 44 (15195 views)
Permalink
On 23/05/2012 20:27, Phil Mayers wrote:
> If you don't enable portfast, you have to suffer the STP state
> transitions, which lead to delays in traffic forwarding after link-up.
I wondered what people's feelings/experiences were with respect to
completely disabling STP where appropriate?

I have 100% control over topology and some PtP dotq trunk links, I
thought of placing 'spanning-tree bpdufilter enable' rather than
'portfast trunk' on these ports. I have no need to to send or receive
STP BPDUs on these ports, even though the underlying technology is
Ethernet. Hosts are a mixture of L3 switches and routers, but
configuration should limit the extent of the broadcast domains in
question to exist only on the PtP link.

Cheers,

David.

--
DAVID FARRELL
IP Engineer
Tibus
Hosting& Connectivity

Follow us on Twitter: http://twitter.com/tibus

T: +44 (0)28 9033 1122
F: +44 (0)28 9042 4709
E: dfarrell@tibus.com
W: www.tibus.com | www.tibushost.com | www.tibusconnect.com

Tibus is a trading name of The Internet Business Ltd, a company limited by share capital and registered in Northern Ireland, NI31235. It is a part of UTV Media Plc.

This e-mail and any attachment may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorised to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 10:49 PM
Post #25 of 44 (15184 views)
Permalink
Sibbi,
No errors on the second interface with LX optic:

GigabitEthernet0/2 is up, line protocol is up
Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81a (bia
0006.52f4.d81a)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 2/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is autonegotiation, media type is LX
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/1018/467 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6692000 bits/sec, 1543 packets/sec
5 minute output rate 8629000 bits/sec, 2402 packets/sec
240944267 packets input, 764868435 bytes, 20 no buffer
Received 665 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 8 multicast, 0 pause input
0 input packets with dribble condition detected
307328333 packets output, 3150334452 bytes, 0 underruns
5 output errors, 0 collisions, 4 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
5 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

It is a good time to start with a layer-1 diagnostic and change the optics.



On Thu, May 24, 2012 at 1:10 AM, Sigurbjörn Birkir Lárusson
<sigurbjornl@vodafone.is> wrote:
> Similar traffic on the other port I assume, outbound port for the router?
> No input errors there?
>
> If you also see input errors and overruns on the other port, the CPU is
> probably having issues emptying the buffer before it runs out of buffer
> space which would suggest high CPU usage during the times when the
> overruns are occuring.  Then you should look at why that is the case, it's
> not enough traffic to really cause that issue, but you might have other
> features enabled that are causing the box to use a lot of cpu.
>
> If there are no errors on the other port, it's more likely that this is a
> layer 1 problem, and you should try replacing the optics if you have
> spares or cleaning the existing ones
>
> Kind regards,
> Sibbi
>
> On 23.5.2012 21:24, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
> wrote:
>
>>> Are you getting bursts of traffic that might not register on traffic
>>>graphs polling at 5 minute intervals?
>>
>>No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
>>polling in a 1 min interval.
>>
>>
>>On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
>><Edward.Salonia@ipsoft.com> wrote:
>>> Drops and overruns... Sounds like you are overloading your port buffer.
>>>Are you getting bursts of traffic that might not register on traffic
>>>graphs polling at 5 minute intervals?
>>>
>>> - Ed
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces@puck.nether.net
>>>[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of
>>>gal.9430@googlemail.com
>>> Sent: Wednesday, May 23, 2012 5:00 PM
>>> To: Sigurbjörn Birkir Lárusson
>>> Cc: cisco-nsp@puck.nether.net
>>> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>>>
>>>> Is this the only traffic going through this 7200?
>>>
>>> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
>>> connected to an eBGP peer
>>> who sends a full table.
>>>
>>>> How is your scheduler allocate set on the 7200...
>>>
>>> Default value, not changed.
>>>
>>>> ...have you tried a new cable and cleaning the optics?
>>>
>>> New cable: yes
>>> Cleaning the optics: no
>>>
>>>
>>>
>>> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
>>> <sigurbjornl@vodafone.is> wrote:
>>>> Is this the only traffic going through this 7200?
>>>>
>>>> How is your scheduler allocate set on the 7200, have you tried a new
>>>>cable
>>>> and cleaning the optics?
>>>>
>>>> Kind regards,
>>>> Sibbi
>>>>
>>>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>>>> wrote:
>>>>
>>>>>Hi,
>>>>>
>>>>>thanks all for the input.
>>>>>
>>>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>>>all:
>>>>>
>>>>>GigabitEthernet0/1 is up, line protocol is up
>>>>>  Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>>>0006.52f4.d81b)
>>>>>  Internet address is x.x.x.x/28
>>>>>  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>>>>     reliability 255/255, txload 1/255, rxload 2/255
>>>>>  Encapsulation ARPA, loopback not set
>>>>>  Keepalive set (10 sec)
>>>>>  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>>>>  output flow-control is XON, input flow-control is XON
>>>>>  ARP type: ARPA, ARP Timeout 04:00:00
>>>>>  Last input 00:00:00, output 00:00:00, output hang never
>>>>>  Last clearing of "show interface" counters 02:17:11
>>>>>  Input queue: 0/100/742/0 (size/max/drops/flushes); Total output
>>>>>drops: 0
>>>>>  Queueing strategy: fifo
>>>>>  Output queue: 0/40 (size/max)
>>>>>  5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>>>>  5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>>>>     11770910 packets input, 2922271410 bytes, 0 no buffer
>>>>>     Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>>>>     341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>>>>     0 watchdog, 4242 multicast, 0 pause input
>>>>>     0 input packets with dribble condition detected
>>>>>     14975201 packets output, 1820911878 bytes, 0 underruns
>>>>>     0 output errors, 0 collisions, 0 interface resets
>>>>>     137 unknown protocol drops
>>>>>     0 babbles, 0 late collision, 0 deferred
>>>>>     0 lost carrier, 0 no carrier, 0 pause output
>>>>>     0 output buffer failures, 0 output buffers swapped out
>>>>>
>>>>>Will go from 100 to 150 and see whats happen.
>>>>>
>>>>>
>>>>>
>>>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>>>wrote:
>>>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>>>
>>>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>>>single
>>>>>>> host. Connecting hubs, concentrators, switches, bridges, etcÅ  to
>>>>>>>this
>>>>>>> interface when portfast is enabled, can cause temporary bridging
>>>>>>>loops.
>>>>>>>
>>>>>>> My understanding of this was a router would be included as well
>>>>>>>since
>>>>>>> it's used to connect multiple hosts.
>>>>>>
>>>>>>
>>>>>> If you don't enable portfast, you have to suffer the STP state
>>>>>>transitions,
>>>>>> which lead to delays in traffic forwarding after link-up.
>>>>>>
>>>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>>>another
>>>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>>>straight
>>>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>>>
>>>>>> It's not magic; and it should be enabled on all host ports. Routers
>>>>>>are
>>>>>> hosts, at layer2.
>>>>>>
>>>>>> _______________________________________________
>>>>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>
>>>>>_______________________________________________
>>>>>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 23, 2012, 10:53 PM
Post #26 of 44 (7775 views)
Permalink
I don't run QoS on this box but Netflow. Will disable the flows and
see what happens.


On Thu, May 24, 2012 at 1:13 AM, Matlock, Kenneth L
<MatlockK@exempla.org> wrote:
> The problem with a 1 minute interval is that you can EASILY be bursting well above that for short periods of time. remember that 80-100Mbps is an average over the entire 1 minute.
>
> Are you running QoS or Netflow on this box?
>
> Ken
>
> ________________________________
>
> From: cisco-nsp-bounces@puck.nether.net on behalf of gal.9430@googlemail.com
> Sent: Wed 5/23/2012 3:24 PM
> To: Edward Salonia
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>
>
>
>> Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>
> No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
> polling in a 1 min interval.
>
>
> On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
> <Edward.Salonia@ipsoft.com> wrote:
>> Drops and overruns... Sounds like you are overloading your port buffer. Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>>
>> - Ed
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of gal.9430@googlemail.com
>> Sent: Wednesday, May 23, 2012 5:00 PM
>> To: Sigurbjörn Birkir Lárusson
>> Cc: cisco-nsp@puck.nether.net
>> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>>
>>> Is this the only traffic going through this 7200?
>>
>> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
>> connected to an eBGP peer
>> who sends a full table.
>>
>>> How is your scheduler allocate set on the 7200...
>>
>> Default value, not changed.
>>
>>> ...have you tried a new cable and cleaning the optics?
>>
>> New cable: yes
>> Cleaning the optics: no
>>
>>
>>
>> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
>> <sigurbjornl@vodafone.is> wrote:
>>> Is this the only traffic going through this 7200?
>>>
>>> How is your scheduler allocate set on the 7200, have you tried a new cable
>>> and cleaning the optics?
>>>
>>> Kind regards,
>>> Sibbi
>>>
>>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>>> wrote:
>>>
>>>>Hi,
>>>>
>>>>thanks all for the input.
>>>>
>>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>>all:
>>>>
>>>>GigabitEthernet0/1 is up, line protocol is up
>>>>  Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>>0006.52f4.d81b)
>>>>  Internet address is x.x.x.x/28
>>>>  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>>>     reliability 255/255, txload 1/255, rxload 2/255
>>>>  Encapsulation ARPA, loopback not set
>>>>  Keepalive set (10 sec)
>>>>  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>>>  output flow-control is XON, input flow-control is XON
>>>>  ARP type: ARPA, ARP Timeout 04:00:00
>>>>  Last input 00:00:00, output 00:00:00, output hang never
>>>>  Last clearing of "show interface" counters 02:17:11
>>>>  Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>>>  Queueing strategy: fifo
>>>>  Output queue: 0/40 (size/max)
>>>>  5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>>>  5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>>>     11770910 packets input, 2922271410 bytes, 0 no buffer
>>>>     Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>>>     341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>>>     0 watchdog, 4242 multicast, 0 pause input
>>>>     0 input packets with dribble condition detected
>>>>     14975201 packets output, 1820911878 bytes, 0 underruns
>>>>     0 output errors, 0 collisions, 0 interface resets
>>>>     137 unknown protocol drops
>>>>     0 babbles, 0 late collision, 0 deferred
>>>>     0 lost carrier, 0 no carrier, 0 pause output
>>>>     0 output buffer failures, 0 output buffers swapped out
>>>>
>>>>Will go from 100 to 150 and see whats happen.
>>>>
>>>>
>>>>
>>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>>wrote:
>>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>>
>>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>>single
>>>>>> host. Connecting hubs, concentrators, switches, bridges, etcS to this
>>>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>>>
>>>>>> My understanding of this was a router would be included as well since
>>>>>> it's used to connect multiple hosts.
>>>>>
>>>>>
>>>>> If you don't enable portfast, you have to suffer the STP state
>>>>>transitions,
>>>>> which lead to delays in traffic forwarding after link-up.
>>>>>
>>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>>another
>>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>>straight
>>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>>
>>>>> It's not magic; and it should be enabled on all host ports. Routers are
>>>>> hosts, at layer2.
>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>>_______________________________________________
>>>>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
>

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
p.mayers at imperial
May 24, 2012, 1:31 AM
Post #27 of 44 (7770 views)
Permalink
On 05/24/2012 06:16 AM, David Farrell wrote:
> On 23/05/2012 20:27, Phil Mayers wrote:
>> If you don't enable portfast, you have to suffer the STP state
>> transitions, which lead to delays in traffic forwarding after link-up.
> I wondered what people's feelings/experiences were with respect to
> completely disabling STP where appropriate?
>
> I have 100% control over topology and some PtP dotq trunk links, I
> thought of placing 'spanning-tree bpdufilter enable' rather than
> 'portfast trunk' on these ports. I have no need to to send or receive
> STP BPDUs on these ports, even though the underlying technology is
> Ethernet. Hosts are a mixture of L3 switches and routers, but
> configuration should limit the extent of the broadcast domains in
> question to exist only on the PtP link.

We run PVST, and do indeed disable STP completely on VLANs which are
used for directed routed ptp links i.e. are only on one port, and only
make one hop.

We don't disable it on the whole port because often the port is carrying
other vlans which are PVST enabled (e.g. between an HSRP master&slave /
STP primary&secondary root switch pair).

We do have some links which carry a routed p2p only, but even then we
just disable STP on the vlan, not the port.

Obviously if you're running MST or classic STP this per-vlan approach
isn't available, and you can only do per-port.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
peter at rathlev
May 24, 2012, 1:56 AM
Post #28 of 44 (7761 views)
Permalink
On Wed, 2012-05-23 at 13:15 -0500, Chris Gotstein wrote:
> It's probably not going to address the overrun issue, but from a best
> practices stand point, it should not be enabled on interfaces that
> connected to other connected devices, ie a router or switch.

To recap what others have said: Portfast is IMO always a good idea when
connecting to anything that does not create a L2 loop, i.e. a bridge. We
use Portfast and BPDU Guard on all links towards routers. That also
covers trunks toward a 6500 swouter if it's a "no switchport" with
subinterfaces. Not using Portfast means that many failover situations
take forever to converge.

On the other hand we never use Portfast unless we can also enable BPDU
Guard. Otherwise you're not protected from someone accidentally
connecting the port to a switch.

BPDU Filter is IMO almost always a bad thing. There are some very
special circumstances where it's warranted, but they are few and far
between.

--
Peter


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
eh at solnet
May 24, 2012, 2:13 AM
Post #29 of 44 (7756 views)
Permalink
Hi

After the port-fast discussion back to your original question. The first
thing to look is the interface controller (show controller , show ip
interface) and the logging to make sure I don't have speed/duplex or
flow-control problems.

Second you get "unknown protocol drops" this happens mostly from cdp
packets. You send cdp from your switch but drop them on your router.

I my case I had to enable flow-control on my 3560 switch and allow pause
frames from the npe-g1. Hint: Sometimes it is more reliable to turn the
auto-neg feature off

Regards
Erich

>
> NPE-G1:
> ------------
> GigabitEthernet0/1 is up, line protocol is up
> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
> 0006.52f4.d81b)
> Internet address is x.x.x.x/28
> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
> reliability 255/255, txload 1/255, rxload 1/255
> Encapsulation ARPA, loopback not set
> Keepalive set (10 sec)
> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
> output flow-control is XON, input flow-control is XON
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input 00:00:00, output 00:00:00, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue: 0/40 (size/max)
> 5 minute input rate 4264000 bits/sec, 871 packets/sec
> 5 minute output rate 5859000 bits/sec, 1597 packets/sec
> 27479327 packets input, 3434822229 bytes, 0 no buffer
> Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
> 989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
> 0 watchdog, 17119 multicast, 0 pause input
> 0 input packets with dribble condition detected
> 43616309 packets output, 2243854018 bytes, 0 underruns
> 5 output errors, 0 collisions, 4 interface resets
> 561 unknown protocol drops
> 0 babbles, 0 late collision, 0 deferred
> 5 lost carrier, 0 no carrier, 0 pause output
> 0 output buffer failures, 0 output buffers swapped out
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
saku at ytti
May 24, 2012, 2:28 AM
Post #30 of 44 (7754 views)
Permalink
On (2012-05-24 10:56 +0200), Peter Rathlev wrote:

> connecting to anything that does not create a L2 loop, i.e. a bridge. We
> use Portfast and BPDU Guard on all links towards routers. That also

This is incredibly dangerous. Leak one BPDU from one customer EVPN
somewhere, and all customers are down in PE facing that metro.
PE<->Metro definitely should be BPDUfilter.

On customer ports, BPDUguard is apt, which you can enable per default for
edge/portfast ports, so you only need to configure porfast.

--
++ytti
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
sigurbjornl at vodafone
May 24, 2012, 4:47 AM
Post #31 of 44 (7740 views)
Permalink
On 24.5.2012 09:28, "Saku Ytti" <saku@ytti.fi> wrote:

>On (2012-05-24 10:56 +0200), Peter Rathlev wrote:
>
>> connecting to anything that does not create a L2 loop, i.e. a bridge. We
>> use Portfast and BPDU Guard on all links towards routers. That also
>
>This is incredibly dangerous. Leak one BPDU from one customer EVPN
>somewhere, and all customers are down in PE facing that metro.
>PE<->Metro definitely should be BPDUfilter.
>
>On customer ports, BPDUguard is apt, which you can enable per default for
>edge/portfast ports, so you only need to configure porfast.

We're in complete agreement

Kind regards,
Sibbi
>


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 24, 2012, 5:19 AM
Post #32 of 44 (7763 views)
Permalink
Ahh, Netflow....

I recently had a similar issue with a 7201 (which is effectively a NPE-G2). Keep in mind that a 7200 series platform is 100% software-based.

And NPE-G2 is rated for 1024Mb/sec. This is aggregate throughput, meaning you can do 1024mb/sec in one direction, or 512mb/sec each direction before overrunning the box. This is with no services running, static routes, etc. Talked to my SE and found out that performance with QoS drops to 512mb/sec aggregate, and with Netflow it dropped to 256mb/sec. (aggregate).

Now, officially the NPE-G2 is twice as fast as an NPE-G1, So extrapolating that out means best-case you can expect peak performance of 512mb/sec, 256mb/sec with QoS, and 128mb/sec with just Netflow enabled. And with the input RX ring on those boxes being only 128 deep they are VERY sensitive to CPU spikes/latencies (such as when enabling services such as Netflow or QoS). Unfortunately that's not configurable and a hardware limitation of the chassis.

In our case we wound up replacing the 7201's with ASR1k's to get the throughput we needed.

Netflow is very handy, but a big performance hit on the 7200 line.

Hope this points you in the right direction!

Ken

________________________________

From: gal.9430@googlemail.com [mailto:gal.9430@googlemail.com]
Sent: Wed 5/23/2012 11:53 PM
To: Matlock, Kenneth L
Cc: Edward Salonia; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface



I don't run QoS on this box but Netflow. Will disable the flows and
see what happens.


On Thu, May 24, 2012 at 1:13 AM, Matlock, Kenneth L
<MatlockK@exempla.org> wrote:
> The problem with a 1 minute interval is that you can EASILY be bursting well above that for short periods of time. remember that 80-100Mbps is an average over the entire 1 minute.
>
> Are you running QoS or Netflow on this box?
>
> Ken
>
> ________________________________
>
> From: cisco-nsp-bounces@puck.nether.net on behalf of gal.9430@googlemail.com
> Sent: Wed 5/23/2012 3:24 PM
> To: Edward Salonia
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>
>
>
>> Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>
> No, I don't think so. Burst traffic never exceeds 80-100 Mbps. We're
> polling in a 1 min interval.
>
>
> On Wed, May 23, 2012 at 11:16 PM, Edward Salonia
> <Edward.Salonia@ipsoft.com> wrote:
>> Drops and overruns... Sounds like you are overloading your port buffer. Are you getting bursts of traffic that might not register on traffic graphs polling at 5 minute intervals?
>>
>> - Ed
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces@puck.nether.net [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of gal.9430@googlemail.com
>> Sent: Wednesday, May 23, 2012 5:00 PM
>> To: Sigurbjörn Birkir Lárusson
>> Cc: cisco-nsp@puck.nether.net
>> Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface
>>
>>> Is this the only traffic going through this 7200?
>>
>> No. Gi0/1 is connected via 2960G to another router (iBGP). Gi0/2 is
>> connected to an eBGP peer
>> who sends a full table.
>>
>>> How is your scheduler allocate set on the 7200...
>>
>> Default value, not changed.
>>
>>> ...have you tried a new cable and cleaning the optics?
>>
>> New cable: yes
>> Cleaning the optics: no
>>
>>
>>
>> On Wed, May 23, 2012 at 10:40 PM, Sigurbjörn Birkir Lárusson
>> <sigurbjornl@vodafone.is> wrote:
>>> Is this the only traffic going through this 7200?
>>>
>>> How is your scheduler allocate set on the 7200, have you tried a new cable
>>> and cleaning the optics?
>>>
>>> Kind regards,
>>> Sibbi
>>>
>>> On 23.5.2012 19:33, "gal.9430@googlemail.com" <gal.9430@googlemail.com>
>>> wrote:
>>>
>>>>Hi,
>>>>
>>>>thanks all for the input.
>>>>
>>>>Increasing the hold-queue (from default to 100) doesn't seem to help at
>>>>all:
>>>>
>>>>GigabitEthernet0/1 is up, line protocol is up
>>>> Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>>>>0006.52f4.d81b)
>>>> Internet address is x.x.x.x/28
>>>> MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>>> reliability 255/255, txload 1/255, rxload 2/255
>>>> Encapsulation ARPA, loopback not set
>>>> Keepalive set (10 sec)
>>>> Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>>> output flow-control is XON, input flow-control is XON
>>>> ARP type: ARPA, ARP Timeout 04:00:00
>>>> Last input 00:00:00, output 00:00:00, output hang never
>>>> Last clearing of "show interface" counters 02:17:11
>>>> Input queue: 0/100/742/0 (size/max/drops/flushes); Total output drops: 0
>>>> Queueing strategy: fifo
>>>> Output queue: 0/40 (size/max)
>>>> 5 minute input rate 10536000 bits/sec, 1824 packets/sec
>>>> 5 minute output rate 6813000 bits/sec, 2121 packets/sec
>>>> 11770910 packets input, 2922271410 bytes, 0 no buffer
>>>> Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
>>>> 341 input errors, 0 CRC, 0 frame, 341 overrun, 0 ignored
>>>> 0 watchdog, 4242 multicast, 0 pause input
>>>> 0 input packets with dribble condition detected
>>>> 14975201 packets output, 1820911878 bytes, 0 underruns
>>>> 0 output errors, 0 collisions, 0 interface resets
>>>> 137 unknown protocol drops
>>>> 0 babbles, 0 late collision, 0 deferred
>>>> 0 lost carrier, 0 no carrier, 0 pause output
>>>> 0 output buffer failures, 0 output buffers swapped out
>>>>
>>>>Will go from 100 to 150 and see whats happen.
>>>>
>>>>
>>>>
>>>>On Wed, May 23, 2012 at 9:27 PM, Phil Mayers <p.mayers@imperial.ac.uk>
>>>>wrote:
>>>>> On 05/23/2012 08:18 PM, Chris Gotstein wrote:
>>>>>>
>>>>>> %Warning: portfast should only be enabled on ports connected to a
>>>>>>single
>>>>>> host. Connecting hubs, concentrators, switches, bridges, etcS to this
>>>>>> interface when portfast is enabled, can cause temporary bridging loops.
>>>>>>
>>>>>> My understanding of this was a router would be included as well since
>>>>>> it's used to connect multiple hosts.
>>>>>
>>>>>
>>>>> If you don't enable portfast, you have to suffer the STP state
>>>>>transitions,
>>>>> which lead to delays in traffic forwarding after link-up.
>>>>>
>>>>> Portfast basically means: "This port is unlikely to be connected to
>>>>>another
>>>>> bridge or hub, so skip the LISTENING/LEARNING transitions and jump
>>>>>straight
>>>>> to forwarding; if it goes wrong, STP will close the loop shortly."
>>>>>
>>>>> It's not magic; and it should be enabled on all host ports. Routers are
>>>>> hosts, at layer2.
>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>>_______________________________________________
>>>>cisco-nsp mailing list cisco-nsp@puck.nether.net
>>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
>


*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mark.tinka at seacom
May 24, 2012, 5:30 AM
Post #33 of 44 (7736 views)
Permalink
On Thursday, May 24, 2012 02:19:39 PM Matlock, Kenneth L
wrote:

> I recently had a similar issue with a 7201 (which is
> effectively a NPE-G2). Keep in mind that a 7200 series
> platform is 100% software-based.

Except for the part where they said the 4th Gig-E port is a
PCI-X connection to the board and can run at line rate
independently.

Never did quite figure that one out :-).

> And NPE-G2 is rated for 1024Mb/sec. This is aggregate
> throughput, meaning you can do 1024mb/sec in one
> direction, or 512mb/sec each direction before
> overrunning the box. This is with no services running,
> static routes, etc. Talked to my SE and found out that
> performance with QoS drops to 512mb/sec aggregate, and
> with Netflow it dropped to 256mb/sec. (aggregate).

We used the NPE-G2 as a core router many, many years ago,
and extratced 950Mbps from it (aggregate) with 0% packet
loss at 91% CPU utilization. v6, v6, MPLS, IS-IS, LDP, RSVP.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 24, 2012, 5:37 AM
Post #34 of 44 (7762 views)
Permalink
Ha! So that 1 port can do line rate to..... the CPU? :)

And I can see getting that linerate out of the box. It's things like QoS and Netflow that really have to involve the CPU much more than simple packet forwarding.

Once you get most of those services established (such as ISIS) there's really not much for the CPU to do to maintain the table.

Ken

________________________________

From: Mark Tinka [mailto:mark.tinka@seacom.mu]
Sent: Thu 5/24/2012 6:30 AM
To: cisco-nsp@puck.nether.net
Cc: Matlock, Kenneth L; gal.9430@googlemail.com
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface



On Thursday, May 24, 2012 02:19:39 PM Matlock, Kenneth L
wrote:

> I recently had a similar issue with a 7201 (which is
> effectively a NPE-G2). Keep in mind that a 7200 series
> platform is 100% software-based.

Except for the part where they said the 4th Gig-E port is a
PCI-X connection to the board and can run at line rate
independently.

Never did quite figure that one out :-).

> And NPE-G2 is rated for 1024Mb/sec. This is aggregate
> throughput, meaning you can do 1024mb/sec in one
> direction, or 512mb/sec each direction before
> overrunning the box. This is with no services running,
> static routes, etc. Talked to my SE and found out that
> performance with QoS drops to 512mb/sec aggregate, and
> with Netflow it dropped to 256mb/sec. (aggregate).

We used the NPE-G2 as a core router many, many years ago,
and extratced 950Mbps from it (aggregate) with 0% packet
loss at 91% CPU utilization. v6, v6, MPLS, IS-IS, LDP, RSVP.

Mark.


*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 24, 2012, 5:37 AM
Post #35 of 44 (7760 views)
Permalink
Hi,

On Thu, May 24, 2012 at 12:38:49PM +0200, adam vitkovsky wrote:
> What do you think about enabling port-fast on trunks between switches that
> are connected in a star topology (no redundant links) and running MST

I do not run MST anywhere, so I'm not sure how portfast and MST interact.

OTOH, if you connect switches with *RSTP* together, the links will be
up and forwarding in very short time anyway, so portfast won't make
much difference.

> I'm asking because we have problems with TCN and following CAM table flushes
> when ports flap
> We suspect that the CAM table flushes have negative effects on IPTV streams
> There was the idea of enabling port-fast on trunks since the topology is a
> cascaded star and when a segment goes offline there's no other way to get to
> it -so no need for the whole instance/domain to suffer from topology change
> And in case the someone creates an artificial loop MST should take care of
> it as soon as it hears the first bpdu right

Well, if you are *sure* your topology has no loops, then just turn off
spanning tree. No TCNs.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 24, 2012, 5:39 AM
Post #36 of 44 (7831 views)
Permalink
Hi,

On Thu, May 24, 2012 at 02:30:59PM +0200, Mark Tinka wrote:
> > I recently had a similar issue with a 7201 (which is
> > effectively a NPE-G2). Keep in mind that a 7200 series
> > platform is 100% software-based.
>
> Except for the part where they said the 4th Gig-E port is a
> PCI-X connection to the board and can run at line rate
> independently.
>
> Never did quite figure that one out :-).

Well, I'd interpret that as "it is not connected to the PCI bus, so
won't eat bandwidth points from there". Not as "will do distributed
anything".

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mark.tinka at seacom
May 24, 2012, 5:42 AM
Post #37 of 44 (7765 views)
Permalink
On Thursday, May 24, 2012 02:37:47 PM Gert Doering wrote:

> OTOH, if you connect switches with *RSTP* together, the
> links will be up and forwarding in very short time
> anyway, so portfast won't make much difference.

Aye - which is why we run RSTP everywhere we need STP
anyway.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mark.tinka at seacom
May 24, 2012, 5:44 AM
Post #38 of 44 (7768 views)
Permalink
On Thursday, May 24, 2012 02:39:20 PM Gert Doering wrote:

> Well, I'd interpret that as "it is not connected to the
> PCI bus, so won't eat bandwidth points from there". Not
> as "will do distributed anything".

Right, that was my interpretation too, but for me, each port
performed the same, so it was a non-starter.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gert at greenie
May 24, 2012, 5:54 AM
Post #39 of 44 (7747 views)
Permalink
Hi,

On Thu, May 24, 2012 at 02:44:42PM +0200, Mark Tinka wrote:
> On Thursday, May 24, 2012 02:39:20 PM Gert Doering wrote:
>
> > Well, I'd interpret that as "it is not connected to the
> > PCI bus, so won't eat bandwidth points from there". Not
> > as "will do distributed anything".
>
> Right, that was my interpretation too, but for me, each port
> performed the same, so it was a non-starter.

If I'm not mistaken, the other 3 GE ports are directly connected
to the CPU on the SoC - so "no bus at all".

The difference would be "... if compared to a PA-GE sitting on the
classic PCI bus".

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
mark.tinka at seacom
May 24, 2012, 5:58 AM
Post #40 of 44 (7747 views)
Permalink
On Thursday, May 24, 2012 02:54:03 PM Gert Doering wrote:

> If I'm not mistaken, the other 3 GE ports are directly
> connected to the CPU on the SoC - so "no bus at all".

That's right.

> The difference would be "... if compared to a PA-GE
> sitting on the classic PCI bus".

Agree, but given the overall throughput of the box is just
under 1Gbps, I suppose it all works out considering not lal
4x ports were full at any one time :-).

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
chuckchurch at gmail
May 24, 2012, 6:17 AM
Post #41 of 44 (7790 views)
Permalink
Regarding that IPTV issue, there is a Cisco switch option to not flush IGMP
table mappings when a TCN goes out, that accomplishes the same thing as
portfast, but without the (slight) risk of using that:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configu
ration/guide/multi.html#wp1049520

Chuck

-----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of Gert Doering
Sent: Thursday, May 24, 2012 5:38 AM
To: adam vitkovsky
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Lot of input errors on a NPE-G1 interface

Hi,

On Thu, May 24, 2012 at 12:38:49PM +0200, adam vitkovsky wrote:
> What do you think about enabling port-fast on trunks between switches
> that are connected in a star topology (no redundant links) and running
> MST

I do not run MST anywhere, so I'm not sure how portfast and MST interact.

OTOH, if you connect switches with *RSTP* together, the links will be up and
forwarding in very short time anyway, so portfast won't make much
difference.

> I'm asking because we have problems with TCN and following CAM table
> flushes when ports flap We suspect that the CAM table flushes have
> negative effects on IPTV streams There was the idea of enabling
> port-fast on trunks since the topology is a cascaded star and when a
> segment goes offline there's no other way to get to it -so no need for
> the whole instance/domain to suffer from topology change And in case
> the someone creates an artificial loop MST should take care of it as
> soon as it hears the first bpdu right

Well, if you are *sure* your topology has no loops, then just turn off
spanning tree. No TCNs.

gert
--
USENET is *not* the non-clickable part of WWW!

//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert@greenie.muc.de
fax: +49-89-35655025
gert@net.informatik.tu-muenchen.de
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
gal.9430 at googlemail
May 24, 2012, 6:44 AM
Post #42 of 44 (7792 views)
Permalink
Hi,

> After the port-fast discussion back to your original question. The first
> thing to look is the interface controller (show controller , show ip
> interface) and the logging to make sure I don't have speed/duplex or
> flow-control problems.

router2#show controller
...
Interface GigabitEthernet0/1 (idb 0x65C58CDC)
Hardware is BCM1250 Internal MAC (Revision B2/B3)
Network connection mode is AUTO
network link is up
Config is 1Gbps, Full Duplex
Selected media-type is GBIC
GBIC type is 1000BaseSX
...
...
PHY says Link is UP, Speed 1000Mbps, Full-Duplex [AUTONEG Done]
Physical Interface - GBIC
AUTONEG - Our ability is 1000M/FD Pause Capable (Asymmetric)
AUTONEG - Partner ability is 1000M/HD 1000M/FD

router2#sh ip int Gi0/1
GigabitEthernet0/1 is up, line protocol is up
Internet address is x.x.x.x/28
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is disabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP Feature Fast switching turbo vector
IP Feature CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

Next step is to disable autonegotiation and set speed/duplex hardcoded
on both sides.

BTW, disabling netflow decreases the CPU utilization dramatically :-)

After increase the hold-queue from 100 to 150 and disabling netflow the input
errors are still alive:
(clearing the counter nearly 8 hours before)

sh int Gi0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
0006.52f4.d81b)
Internet address is 94.103.161.235/28
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 07:47:20
Input queue: 0/150/2026/2 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6191000 bits/sec, 1385 packets/sec
5 minute output rate 7266000 bits/sec, 2079 packets/sec
40892419 packets input, 1638492851 bytes, 0 no buffer
Received 773 broadcasts, 0 runts, 0 giants, 0 throttles
880 input errors, 0 CRC, 0 frame, 880 overrun, 0 ignored
0 watchdog, 14448 multicast, 0 pause input
0 input packets with dribble condition detected
53498590 packets output, 3784646524 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
467 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out


Regards





On Thu, May 24, 2012 at 11:13 AM, Erich Hohermuth <eh@solnet.ch> wrote:
> Hi
>
> After the port-fast discussion back to your original question. The first
> thing to look is the interface controller (show controller , show ip
> interface) and the logging to make sure I don't have speed/duplex or
> flow-control problems.
>
> Second you get "unknown protocol drops" this happens mostly from cdp
> packets. You send cdp from your switch but drop them on your router.
>
> I my case I had to enable flow-control on my 3560 switch and allow pause
> frames from the npe-g1. Hint: Sometimes it is more reliable to turn the
> auto-neg feature off
>
> Regards
>  Erich
>
>>
>> NPE-G1:
>> ------------
>> GigabitEthernet0/1 is up, line protocol is up
>>   Hardware is BCM1250 Internal MAC, address is 0006.52f4.d81b (bia
>> 0006.52f4.d81b)
>>   Internet address is x.x.x.x/28
>>   MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
>>      reliability 255/255, txload 1/255, rxload 1/255
>>   Encapsulation ARPA, loopback not set
>>   Keepalive set (10 sec)
>>   Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
>>   output flow-control is XON, input flow-control is XON
>>   ARP type: ARPA, ARP Timeout 04:00:00
>>   Last input 00:00:00, output 00:00:00, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/1321/1 (size/max/drops/flushes); Total output drops: 0
>>   Queueing strategy: fifo
>>   Output queue: 0/40 (size/max)
>>   5 minute input rate 4264000 bits/sec, 871 packets/sec
>>   5 minute output rate 5859000 bits/sec, 1597 packets/sec
>>      27479327 packets input, 3434822229 bytes, 0 no buffer
>>      Received 941 broadcasts, 0 runts, 0 giants, 0 throttles
>>      989 input errors, 0 CRC, 0 frame, 989 overrun, 0 ignored
>>      0 watchdog, 17119 multicast, 0 pause input
>>      0 input packets with dribble condition detected
>>      43616309 packets output, 2243854018 bytes, 0 underruns
>>      5 output errors, 0 collisions, 4 interface resets
>>      561 unknown protocol drops
>>      0 babbles, 0 late collision, 0 deferred
>>      5 lost carrier, 0 no carrier, 0 pause output
>>      0 output buffer failures, 0 output buffers swapped out

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
saku at ytti
May 24, 2012, 6:48 AM
Post #43 of 44 (7751 views)
Permalink
On (2012-05-24 14:37 +0200), Gert Doering wrote:

> I do not run MST anywhere, so I'm not sure how portfast and MST interact.

MST with single instance is same as RSTP from this perspective. If you
don't configure non-MST participating port as edge port (or cisco term
portfast) then you are waiting 30s for permission from that port.

When all ports in switch have given permission, then the switch will give
permission to upstream.
So any non-edge port, will delay this permission for 30s. (You knew this
as you know RST, this is benefit of other).

--
++ytti
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Lot of input errors on a NPE-G1 interface [ In reply to ]
MatlockK at exempla
May 24, 2012, 7:33 AM
Post #44 of 44 (7775 views)
Permalink
Think about the buffering on a chassis like a 7200 like this.

You have 2 buffers on input, the RX ring (a hardware buffer), and the
input queue (a software buffer)

A packet comes in on the wire, and goes into the RX ring. That generates
a CPU interrupt. The CPU needs to finish its current task then go
address the interrupt. It takes the packet off the RX ring and puts it
into the input queue. The CPU then takes the packet from the input
queue, applies ACLs/NAT/etc to it before deciding if/how to forward it.

Now, keep in mind that a 7200 only has an RX ring of *128*. Worst-case
at 64 byte packets that's only 8192 bytes of hardware buffer space.

At 1gb/sec (say a small burst) that only gives the CPU about 60
*Microseconds* to finish what it's doing and grab that first packet off
the RX ring before the queue fills up and you get an overrun.

The only real fixes to this are

1) Even out the traffic to remove the bursts (traffic shaping upstream)
2) Decrease the CPU to let it better handle the bursts
3) Get a bigger box that does the hardware-software transfers via
hardware, not on the CPU.

You can see how much of the CPU is being taken up by a 'show proc cpu'
(the %x/%y portion) %x shows the CPU utilization, the %y shows how much
is interrupt traffic.

Ken Matlock
Network Analyst
303-467-4671
matlockk@exempla.org

*** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal