C2621XM CPU Util Problem

[CeriCob]

Hi,

Appoligies for the cross post, didn't realize I was posting in Cisco Switches previously. Anyways....

I cant seem to utilize the 100Mbit bandwidth of my C2621 FastEthernet interfaces before it maxes the CPU utilization on my router (most CPU time seems to be taken at interrupt level). One interfaces serves as the LAN side and is acting as a nat inside interface and the Public interface is connected to a DMZ which is set as the nat outside interface. When downloading from a webserver on the DMZ to the LAN this is when the problem occurs

I did have quite a few ACL's set up on the inside interface, but disabled them temporarily to see if that was the issue, but at no avail. cef is enabled globally.

Does any one know what might be my issue here. Cisco specification says that the router supports 30kpps, but when checking during this activity it's showing only 500pps. Am i simply asking too much of this router to cope with 100Mbit/s traffic.

Thanks

 

[Jynxx]

2621XM can not do 100Mbps of throughput.

In case you need to ever know, here is a rough formula that to convert pps to Mbps that the router can handle (they always calculate with 64byte packets):

pps X 64 X 8 / 1024 /1024 = Mbps

So if they list "30kpps", it would be:

30000x64x8/1024/1024 = 14.65Mbps (at 100% CPU)

You will get more Mbps, but less pps with larger packet sizes, though not certain where they ever list what it would be with, say, 1400 or 1500 byte packets. However, it is best to calculate worst case scenario anyways.

 

[CeriCob]

That is not true, as I have double checked this many times with various cisco engineers. The pps specification for cisco routers does not include the frame size. The pps basically means the number of routing descisions that it can make in one second irrespective of frame size, because routing decisions are usually made by looking at the IP headers only in most cases (not including stateful packet inspection like IDS, etc..), so whether you have a frame size of 64 or 1500 the IP headers are usually the same size.

I dont think cisco could sell any router with two 100Mbs interfaces on them if the max throughput of the actual router is only 14.65Mbps.

You can actually confirm this, simply because I get around 50Mbit throughput when transferring from my DMZ to the LAN

 

[CeriCob]

Another Tek-Tips member informed me that it could be NAT which is causing the bottleneck. NAT switching does not support CEF until IOS 12.4, since I have 12.2 I am going to upgrade the IOS so that NAT switching will use CEF.

 

[Jynxx]

Maybe you misunderstood what I was saying. I was not talking about the number of routing decisions the router is capable of. The formula that I posted above was given to me by my local CE as a quick and dirty way to calculate the worst case scenario throughput performance of a router, "using" the pps rating of the router as a calculatiion parameter.

With most of your traffic being 1500 byte Ethernet frames, not the worst case scenario 64 byte frames (smallest Ethernet frame possible), absolutely you will get more than 14.65Mbps.

Based on some IP test scenario result spreadsheets that I got from my local CE, 50Mbps would be about right on if it was just doing standard Ethernet sized frames, as all of the routers listed get a little more than 3x the bandwidth at 1400 bytes than they do at 64 bytes. So that looks about right.

I know for a FACT that a 2621XM can NOT do full line rate 100Mbps. I ran in to problems trying to do just that earlier this year. We now run that 100Mbps link in to a 7204VXR with an NPE-G1 which can absolutely handle it.

Keep in mind that a 2621XM is not designed to really route between Ethernet interfaces. The dual Ethernet's are more designed for redundancy than anything else. The router is designed to route between the Ethernet and WIC cards that you can populate it with.

 

[CeriCob]

Well i'll try upgrading 12.4 to see if that does make a difference, if not, I guess i'll have to make a linux router as I dont fancy shelling out that much money just to get the bandwidth I need to the DMZ

Thanks for your help

 

[robbieguy2003]

While interfaces might be quoted for 100Mb/s link speed they sometimes dont achieve this due to other factors, this can be down to how much memory is on the router, if your running a lot of acl's etc so CPU can max out before 100Mb/s is reached.

I wish someone would just call me Sir, without adding 'Your making a scene'.

Rob