
802.1q - QMOE - 2811 Intra-Office VLAN Issues 1


mfoc

MIS
Feb 10, 2004
37
US
I'm having some strange issues on my newly tagged intra-office QMOE VLAN connection. The first noticeable issue was Active Directory functions slowed down to a crawl. AD lookups became extremely sluggish (I have a DC at both locations on the same domain). The other issue happened with the remote office and a couple of Macs using Entourage to hit our Exchange 2003 server at the main office. Connections would time out. Other issues like ssh connection problems plague the connection as well.

Seems like there's an issue with encrypted traffic across the link. Based on the snippet of config below, does this seem like a Cisco thing, or a Qwest thing?

Both sites have 2811 routers with 12.4(1a).

Main office config:
Code:
interface FastEthernet0/1
 description QMOE Tagged
 no ip address
 ip route-cache flow
 duplex full
 speed 100
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1.220
 encapsulation dot1Q 220
 ip address 172.16.220.1 255.255.255.252
 no snmp trap link-status
 no cdp enable

Branch office config:
Code:
interface FastEthernet0/1
 description QMOE Tagged
 no ip address
 ip route-cache flow
 duplex full
 speed 100
!
interface FastEthernet0/1.220
 encapsulation dot1Q 220
 ip address 172.16.220.2 255.255.255.252
 no snmp trap link-status
 no cdp enable

Any insight would be GREATLY appreciated.
 
What speed is the connection supposed to be? I assume Qwest is encrypting the traffic?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
The QMOE circuit is 100Mbps, however, this VLAN on the circuit is 70Mbps. The other 30Mbps will be an Internet VLAN.

As far as Qwest encryption, I'm not sure what they're doing.
 
Qwest claims they are layer-2 all the way through on this circuit. The next step is to put traffic through it again and see if we can increment errors on any of the interfaces.

I have a wireless point-to-point using the same router - no vlan tagging though - works fine. The only difference with this is the 802.1q. Maybe this is an issue with the 2811's..?.?.?.?
 
The max throughput through the fast ethernet interface is about 61Mbps, or 120,000 pps (packets per second), and that is with CEF switching (Cisco Express Forwarding) and nothing else processing traffic, like ACLs, etc. That is the most you will get out of it. Make sure that you have

router(config)#ip cef

That's all the insight I have...any way we can see a complete config on both routers?

 
ip cef is enabled

Update from Qwest - the national tech I have on the case took a deeper look and suspects that packet size may be the issue with the local Qwest equipment. He tried to send some larger ping packets through the local switches and they didn't make it. He'll be following up with local engineers to see if it could be the problem.

I find it hard to believe I'm the first person in the area to use vlan tagging over QMOE though......
 
At what MTU/MSS did the packets start dropping (assuming the Qwest tekkies set the df bit in the icmp packets)? Had you tried tweaking MTU?

Actually, why on earth would 1500 byte packets NOT make it through??

 
Giants could result if the ISP is using double tagging (QinQ). ISPs often carry traffic from different customers in VLANs internally and this traffic may already be VLAN tagged, in which case it becomes tagged again, resulting in frames bigger than 1500 bytes.
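
Added example (not part of the original thread and not any poster's or vendor's code): a small Python sketch of the frame-size effect described in the post above. It walks the VLAN tag stack of a constructed Ethernet frame and checks the on-wire length against a switch's maximum frame size. The outer VLAN 100 and the 1522-byte limit are assumptions chosen for illustration; VLAN 220 is the customer tag from the configs in the thread.

```python
import struct

TPID_CTAG = 0x8100                         # 802.1Q customer tag
TPID_STAG = 0x88A8                         # 802.1ad service tag (standard QinQ outer tag)
TAG_TPIDS = {TPID_CTAG, TPID_STAG, 0x9100} # 0x9100: common pre-standard QinQ TPID
MAC_HDR, ETYPE, TAG, FCS = 12, 2, 4, 4     # field sizes in bytes

def build_frame(payload_len, tags=()):
    """Constructed sample frame: zeroed MACs, (tpid, vid) tags, IPv4 ethertype."""
    frame = bytes(MAC_HDR)
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)
    return frame + struct.pack("!H", 0x0800) + bytes(payload_len)

def parse_tags(frame):
    """Walk the tag stack; return ([(tpid, vid), ...], ethertype, payload_len)."""
    off, tags = MAC_HDR, []
    while True:
        if len(frame) < off + ETYPE:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TAG_TPIDS:
            return tags, etype, len(frame) - off - ETYPE
        if len(frame) < off + TAG:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        off += TAG

def wire_length(frame):
    """Length on the wire, including the 4-byte FCS the NIC appends."""
    return len(frame) + FCS

def fits(frame, max_frame):
    """True if a device with this maximum frame size would forward the frame."""
    return wire_length(frame) <= max_frame

def max_payload(max_frame, n_tags):
    """Largest L3 packet that survives a path with n_tags tags and this limit."""
    return max_frame - MAC_HDR - ETYPE - FCS - TAG * n_tags

CUSTOMER = [(TPID_CTAG, 220)]                   # tag from the thread's router config
QINQ = [(TPID_STAG, 100), (TPID_CTAG, 220)]     # outer VLAN 100 is an assumed value
ASSUMED_LIMIT = 1522                            # assumed: device sized for one tag only

if __name__ == "__main__":
    for name, tags in (("untagged", ()), ("802.1Q", CUSTOMER), ("QinQ", QINQ)):
        for size in (64, 1500):
            f = build_frame(size, tags)
            print(f"{name:8} payload={size:4} wire={wire_length(f)} "
                  f"fits={fits(f, ASSUMED_LIMIT)}")
```

Small packets fit under the assumed limit with either tag stack while full-size 1500-byte packets fit only with a single tag, which matches the pattern of small pings passing and larger ones being dropped.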
 
Qwest called me back and said that the local engineer recognized a configuration error in the local equipment. Switched from my wireless back to the QMOE last night - all seems well today. AD sluggishness is gone, encrypted traffic seems solid. An informal 200 second speed test this morning showed a steady transmission rate of about 64400 Kbits/sec.

I can honestly say that this is the first time that I called Qwest support and their immediate answer wasn't to check MY equipment.... A+ this time around.

Thanks everyone for your suggestions!
 
Vic---good thought. Just like ISL...

 
Just spoke with the Qwest tech again. It sounds like their local equipment MTU was set to 1500 instead of 1546?? He wasn't really clear. In any case, they're moving everything to 9216 to support jumbo - the equipment I was using just hadn't been changed yet.

He's seeing a few dropped packets now because one side of the QMOE is 100Mbps and the other is 70Mbps (the 70 site is getting 30 carved out for future Internet service). The router inherently keeps less than 70Mbps coming in from the 100 site, although it appears it can jump above - hence the packet drops and shaper activity he's seeing.
 
Vic---why would it be double tagged? That sounds like a huge security risk, double tagging open to vlan hopping...

 
Tim,

QinQ tunneling is a VLAN conservation mechanism ISPs use to carry VLANs for customers by maintaining the customers' VLAN information across the ISP cloud using a single transport VLAN in the ISP. It is a technology that has been around for a while but is falling out of favor as MPLS L2 and L3 VPNs become more prevalent.

This is for 6500 config CATOS

 
I was going to bring up MPLS VPN, but that cleared things up. Thanks for the PDF---I may have to lab something now. Have a star.
