router on a stick design flaw

Status
Not open for further replies.

dvtestguy

Technical User
Dec 8, 2005
109
US
Hello,

I have a c3800 router as my GW to/from my corp network and test mgt network. On the 3800 router, I configured sub-interfaces for vlans 12-20 as router mgt in the test network. Interface g0/1 is connected to my 6509 in trunk mode for vlans 12-20. This has worked well for quite a few years, but now running into a few issues.

Issue 1: I’m obviously starting to see slow responsiveness and periodic timeouts, and looking at how I can change this without breaking my whole network. I’m guessing the "sub-interface" topology could be considered out of date?

Issue 2: With the stated above, I also have a need to start putting data traffic (up to 500Mb/s) across the same vlans as they need to be routable from mgt network to analyzer applications that share the same ip/server address/vlans.

c6509 int config:
int g6/1
description 3800 Router g0/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,12-20 <<< vlan 8 is to my corp network and vlans 12-20 for test mgt network.
switchport mode trunk
switchport nonegotiate
no cdp enable
spanning-tree portfast trunk

***Note*** All of my c6509 switchport interfaces are configured as sw mode acc vlan (12-20) depending on what mgt test gear is connected per vlan.
***Note*** The 6509 is the VTP Server for ten other Cisco switches (VTP clients) in my network where vlans 12-20 are connected via Trunk.

c3800 corp-network int config:
int g0/0
description to corp network
ip address 10.15.8.2 255.255.255.0
ipv6 enable
no cdp enable

c3800 sub-interface config:
int g0/1
description cisco6509 <<< main trunk connection to my test network where i have over 600 devices over vlans 12-20.
no ip address
no cdp enable
!
int g0/1.12
encapsulation dot1Q 12
ip address 10.15.12.1 255.255.255.0
no cdp enable
!
int g0/1.13
encapsulation dot1Q 13
ip address 10.15.13.1 255.255.255.0
no cdp enable
!
int g0/1.14
encapsulation dot1Q 14
ip address 10.15.14.1 255.255.255.0
no cdp enable
!
int g0/1.15
encapsulation dot1Q 15
ip address 10.15.15.1 255.255.255.0
no cdp enable
!
int g0/1.16
encapsulation dot1Q 16
ip address 10.15.16.1 255.255.255.0
no cdp enable
!
int g0/1.17
encapsulation dot1Q 17
ip address 10.15.17.1 255.255.255.0
no cdp enable
!
int g0/1.18
encapsulation dot1Q 18
ip address 10.15.18.1 255.255.255.0
no cdp enable
!
int g0/1.19
encapsulation dot1Q 19
ip address 10.15.19.1 255.255.255.0
no cdp enable
!
int g0/1.20
encapsulation dot1Q 20
ip address 10.15.20.1 255.255.255.0
no cdp enable
 
If you can enable IP routing on the 6500, then you don't need the router for your inter-VLAN routing.

You can keep the router for whatever gatewaying purpose it serves, but move all your VLANs to the 6500. Might be simpler to manage.

Having said that, if you are getting issues with "slow responsiveness and timeouts" I don't see why your design is at fault - I think you have an actual issue.

Map out all your interface performance to see if something's getting caned. Monitor CPU and memory on all network devices as well. But the main thing is to collect interface throughput and error stats for every interface on the network. One look at those stats is usually enough to tell you exactly what is and what isn't a problem.
 
If he has a lot of routed traffic that needs to go between vlans then it could be an issue because all routed traffic must go up to the router then back down the same pipe. You would have to look at the interface utilization during slow periods. Also routers cannot push large amounts of traffic like a layer 3 switch. I agree, if at all possible let the 6500 do all the routing; it is much faster and should eliminate traffic slowness. That's quite a few subnets going up and down the same link.
 
Interestingly, the 6/1 interface to the router shows 0 stats, but the vlan 12 interface does?

cisco6509#sh int g6/1 stats
GigabitEthernet6/1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
       Distributed cache          0          0          0          0
                   Total          0          0          0          0
cisco6509#sh int vlan 12 stats
Vlan12
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor       2562     227371        798     134638
             Route cache          0          0          0          0
       Distributed cache          0          0          0          0
                   Total       2562     227371        798     134638
 
Compare it with sh ip cef switching statistics
Try sh int g6/1 counters and sh int g6/1 switching

As Viper said, check the interface utilisation on the traffic hairpinning through the router - SNMP is usually the easiest way to do this, if you have Solarwinds or something.

You could have applications being upset by the extra (10^3 higher) latency of packets being routed (3ms) v. packets being switched (3µs), or you could have packets dropped and resent due to congestion.
 
"Having said that, if you are getting issues with "slow responsiveness and timeouts" I don't see why your design is at fault - I think you have an actual issue."
Really? He said he has a 6509 with 10 external switches and 600+ hosts and this one 3800 is doing all the inter-VLAN routing? Just copying files between two PCs on different subnets is likely to cause issues.

Seriously if the 6509 supervisor has layer-3 capabilities move the layer-3 here for your VLANs and just stick a P2P /30 between the 3800 and the 6509.

Andy
 
I may try to move the sub-interfaces to the 6509 and use a /30 P2P. However...

My only question is....since all subnets 10.15.12.x-10.15.20.x reside on a /24 mask, do I need to add a static route or helper address for the /24 subnets (600 hosts) to be routable out to the new /30?

For example; currently the 3800 GW (10.15.12.1/24) & the 6509 L2/L3 switch (10.15.12.6/24) where all hosts have a default GW to 10.15.x.1/24 that certainly hit the 3800 router.

Thoughts?
 
I didn't see anything about 600 hosts. Now that you mention it, 600 hosts potentially hairpinning up a 1Gb link to get to their mailserver or proxy server or SQL database would be pretty crap.

In any case, I don't believe in speculating - you could be wasting your time.

"Map out all your interface performance to see if something's getting caned. "

One look at your link performances will tell you 100% what, if anything, needs to be fixed. Conclusively.

I use Solarwinds - plug my laptop in, add each of the network nodes (12 of them in this case) add all interfaces and go and get a coffee while it gathers data.
You will then have a pretty picture showing a RED link to show to management that they can't argue with, and they will approve new hardware/outage/whatever you need to fix it.
 
As to your last question, let's say all your subnets are homed on the 6500.
You do a show IP route on the 6500 and it will have routes for each of the subnets pointing at a locally-connected interface (the VLAN interface for each subnet).
The 6500 loses the .6 IP address it has in the 10.15.12.0/24 subnet and takes on the .1 address instead. (Obviously, as it will be the router for that subnet).
You have a link to the 3800 using, say 6500: 10.1.1.1 <----> 10.1.1.2 :3800
You have a 0.0.0.0 0.0.0.0 route pointing at 10.1.1.2
Any traffic for local subnets is routed locally, any other traffic goes to the 3800 router by default.

You probably just need IP helper addresses on each of the 6500 VLAN interfaces pointing at the DHCP server, wherever that is.
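
The migration described in this reply, written out as an added configuration sketch (not part of the original post and not tested on the poster's equipment). It uses the interface names and the 10.1.1.0/30 link from the thread; 192.0.2.10 is a placeholder for the DHCP server, and the summarised return routes on the 3800 are an assumption about how the test subnets stay reachable once they are no longer directly connected there.

```cisco
! Constructed example, not from the thread. Order matters: remove the .1
! addresses from the 3800 before the 6509 takes them over.
!
! ===== cisco6509 =====
ip routing
!
interface Vlan12
 description gateway for test mgt vlan 12 (moved from 3800 g0/1.12)
 ! replaces the existing 10.15.12.6 address on this SVI
 ip address 10.15.12.1 255.255.255.0
 ! 192.0.2.10 is a placeholder for the real DHCP server address
 ip helper-address 192.0.2.10
 no shutdown
!
interface Vlan13
 description gateway for test mgt vlan 13 (moved from 3800 g0/1.13)
 ip address 10.15.13.1 255.255.255.0
 ip helper-address 192.0.2.10
 no shutdown
!
! Vlan14 through Vlan20 follow the same pattern (10.15.14.1 ... 10.15.20.1).
!
interface GigabitEthernet6/1
 description p2p /30 to 3800 g0/1
 no switchport
 ip address 10.1.1.1 255.255.255.252
 no cdp enable
!
! Anything that is not a locally connected subnet goes to the 3800.
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
! ===== c3800 =====
no interface GigabitEthernet0/1.12
no interface GigabitEthernet0/1.13
! ... and likewise for g0/1.14 through g0/1.20
!
interface GigabitEthernet0/1
 description p2p /30 to cisco6509 g6/1
 ip address 10.1.1.2 255.255.255.252
 no cdp enable
!
! Return routes: the test subnets are no longer connected here, so point
! them at the 6509. 12-15 and 16-19 each collapse into a /22; 20 stays a /24.
ip route 10.15.12.0 255.255.252.0 10.1.1.1
ip route 10.15.16.0 255.255.252.0 10.1.1.1
ip route 10.15.20.0 255.255.255.0 10.1.1.1
```

Hosts keep 10.15.x.1 as their default gateway, so nothing changes on the 600 devices; show ip route on the 6509 should then list each 10.15.x.0/24 as connected via its Vlan interface, plus the default route via 10.1.1.2.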
 
Thanks all...I'll try a few of the recommendations and let you know. Will close out for now.
 