AD and Applications slow to response on the other side of router.

[skk391]

Hi all,

I have a couple of issues that I would like to put forward. I have 2 network. A 10.1.1.x and 172.16.0.x with a router in between.

I have a number of machines located on the 172.16.0.x along with VOIP phones. The main application server are located on the other side of the router. I.e 10.1.1.x along with all the active directory servers.

The machines on the 17.16.0.x network do authenticate with the AD servers and also do load our in- house software but are they are very slow. Taking around 20-35 seconds to display the desktop and around 20 seconds to load applications from servers on the 10.1.1.x.

I have added ip host name statements into my config because I thought it was a DNS issue causing the delay.

On a less important but side note. I have issues when trying to add machines from the 172.16.0.x network to the domain. I have to add the machine to the 10.1.1.x network and then add to the domain and then change back to the 172.16.0.x

Is it the amount of traffic being handled by the router?

Any idea's anyone??



I have added a copy of my config.....


Router#show config
Using 1672 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip domain lookup source-interface FastEthernet0/1
ip domain name horizon
ip host ** 10.1.1.2
ip host ** 10.1.1.12
ip host ** 10.1.1.19
ip host ** 10.1.1.10
ip host ** 10.1.1.11
ip name-server 10.1.1.12
ip name-server 10.1.1.18
ip dhcp excluded-address 172.16.0.1 172.16.0.30
!
ip dhcp pool VOIP
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 10.1.1.12
option 242 ascii "172.16.0.2,MCPORT=1719,HTTPSRVR=172.16.0.2,VLANTEST=1"
option 176 ascii "MCIPADD=172.16.0.2,MCPORT=1719,TFTPSRVR=172.16.0.2,HTTPSRVR=172.16.0.2,VLANTEST=1"
domain-name **********.com
lease 7 16 30
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Interface to the VOIP
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description Connection to *******
ip address 10.1.1.28 255.255.255.0
duplex auto
speed auto
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.255.255.0 FastEthernet0/1
ip route 172.0.0.0 255.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.255.0 FastEthernet0/1
ip route 172.16.0.0 255.255.255.0 FastEthernet0/0
!
!
!
!
!

!
!
!
line con 0
password ******
line aux 0
line vty 0 4
password *******
no login
!
!
!
end

 

[chieftan]

What model of router is this?

I would add "service password-encryption" for security, so when a show run command is made the passwords are encrypted and not plain text.

What is beyond on either side of the router? Switch? If so, what type and what are the port settings?

Is there anything noticed in any debug logs?

Are the machines just slow when tranferring data or when they try and obtain there logon information as well?

 

[skk391]

Thanks for the reply the model number of the router is cisco 2651XM. The router is connected to a switch on the both sides.

on the 10.1.1.x side to a 2960 switch and the output from the port is printed below...


***_GB_1#show int gi 0/4
GigabitEthernet0/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001a.a119.4c84 (bia 001a.a119.4c84)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 103000 bits/sec, 2 packets/sec
5 minute output rate 66000 bits/sec, 12 packets/sec
2176412196 packets input, 2439191547 bytes, 0 no buffer
Received 26127836 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 36 multicast, 0 pause input
0 input packets with dribble condition detected
1794586082 packets output, 3378636992 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

 

[unclerico]

The interface counters you posted cannot be connected to the XM as it only has FastEthernet interfaces and not Gig which your output shows as being negotiated. What kind of switch is terminating on the f0/0 side?? Also, remove all of your static routes on the XM except for the default route; this won't cause any issues in this configuration, but it is very messy

 

[skk391]

thanks for the reply.

yes that you are right, sorry followed the wrong cable back from the XM router. the output from the 10.1.1.x switch is:

***_GB_1#show int gi 0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001a.a119.4c81 (bia 001a.a119.4c81)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:59, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 30000 bits/sec, 14 packets/sec
5 minute output rate 66000 bits/sec, 13 packets/sec
145268347 packets input, 1364224966 bytes, 0 no buffer
Received 1177338 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 453017 multicast, 0 pause input
0 input packets with dribble condition detected
371556626 packets output, 3584610537 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

I have been tring to get the config from the other switch connected to the fa 0/0. I cant get password the secret password, I may have to wipe in out of hours. Its connected to a 2950 with no change to the standard config.


how will I be able to tell if the amount of traffic is causing the problem? Can anyone give me some pointers on the commands.

Static routes

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.255.255.0 FastEthernet0/1
ip route 172.0.0.0 255.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.255.0 FastEthernet0/1
ip route 172.16.0.0 255.255.255.0 FastEthernet0/0

should this get reduced to ?
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Thanks for any feedback

 

[chieftan]

This shows no interface errors which, if there were any issues with config would show up.

Have you completed any throughput tests to ensure this is not an application issue? For example, FTP a large file from one side to the other and see the response for the transfer? You could even test with large ping packets.

Then, complete normal troubleshooting processes to narrow down where the issue may be..... in other words test to nearest device, then next then next until you see the issue occur.

Other than has been mentioned, with the default route, I can see no other issues, unless on the actual switches themselves. Complete "show interface <interface>" on those switches as well. Also, make sure the configs on the switches are correct (As I mentioned, I am pretty sure they are), use the "show run int <interface number>" for a quick check. "show int status" is another one. Check VLANs and any VLAN trunking.... you could always mirror the ports and see what happens, also try debugging (make sure to turn debug off after). Check the buffers on the ports.....