Cisco guys, got a minute?

[carl0s]

Have a look at this diagram. There is a problem at the minute, which seems to be caused by a faulty port on the Dual Port Fast Ethernet of the 3640.

If one starts an Internet download from the 192.168.100.0/24 network (the sister company), then the other port on this interface (192.168.177.50) starts to drop occasional packets.

 

I think looking at the diagram, it's clear that things are being unnecessarily routed via the 3640, for the sake of configuration convenience.

 

The ISA box could be homed directly onto the main network, so that the VPN and Internet traffic are not being unnecessarily routed via the 3640, but then we're left with a problem for the sister company. I'm thinking perhaps we could just throw in a basic computer with dual gigabit ethernet to route between the two subnets.

 

What do you think? The dropped packets thing is the actual problem, and as I was leaving today it seemed quite conclusive that any busyness on the 192.168.100.254 interface caused the 192.168.177.50 interface to drop packets (about 16% loss at some points)- either copying a file from the main company to the sister company, or using the Internet from the sister company, or even just a laptop plugged directly into the main switch but given an IP from the sister subnet, caused dropped packets on the 192.168.177.50 interface when tested from a local machine.

http://www.uk2sucks.net/net.png

[carl0s]

Routing between the two companies via the 3640 is also a major bottlekneck of course.. they could be getting the full 1000mbps.

[Lucifer]

Have you run any sniffers on this yet? I would be more concerened about the routing if teh 100 network was causing this, else you may be looking at a hardware fault. Are you using Teaming per chance?

[carl0s]

I was thinking another possibility would be to use IP aliasing and giving the necessary servers a 192.168.100.x IP.

 

hmm

[JustGav]

I'm assuming you are running VLANs...

 

So that network 192.168.177/24 and 192.168.100/24 are vlan'ed off each other, will stop multiple packets... however from the diagram a few things are off...

 

I assume there is a router between the switch and 192.168.100/24

 

Also, I would suggest, using a third interface either physical or virtual and running the workstations and servers on seperate vlans/subnets.

[carl0s]

Have you run any sniffers on this yet? I would be more concerened about the routing if teh 100 network was causing this, else you may be looking at a hardware fault. Are you using Teaming per chance?

 

I sniffed the internet side of things with a windows-based Ethereal thing (Packetyzer) via a 10base hub that I placed just before the ISA server.

 

I was seeing an surprising amount of DCERPC traffic from the IT managers machine, but it's looking like this may be caused by the ISA Server Management console thingy.

 

sh int sum on the cisco box shows very little. 10% usage on sh process while going flat out on a 500mb file copy.

[carl0s]

I'm assuming you are running VLANs...

Nope. I remember that from my (very) basic Cisco courses now..

So that network 192.168.177/24 and 192.168.100/24 are vlan'ed off each other, will stop multiple packets...

hmm.

I assume there is a router between the switch and 192.168.100/24

yep.. it goes though the 3640.. it's flowing through the same switch twice.

 

Also, I would suggest, using a third interface either physical or virtual and running the workstations and servers on seperate vlans/subnets.

 

Let me ponder what you're suggesting for a minute..

[JustGav]

Actually another thought...

 

Buy a few gigabit adapters and put them in the firewall...

 

So you use the 3640 purely as your router for leased lines...

 

Have the following on the ISA

 

1 -> Internet

2 -> 3640

3 -> 192.168.177/24

4 -> 192.168.100/24

5 -> 192.168.101/24 (Workstation network)

 

Will give you finer control over your network, but will require a hefty firewall box... either that... or depending on which you are running it could have a layer 3 (routing) module..

 

Or hit ebay for some foundry stuff..they used to do a lovely 12 port high speed router... I'll see if I can find out what it was called FastIron or something.....

 

http://www.foundrynet.com/products/l23wiringcloset/fastiron/FIedgeDatasheet.html

[carl0s]

We were saying today that it would be much nicer if the 3640 had a fibre gigabit interface, then the link to the other building wouldn't have to come in through the switch.

 

(it's an array of switches btw.. Catalyst 3548's and 3508 I think)

[carl0s]

Actually another thought...

 

Buy a few gigabit adapters and put them in the firewall...

 

So you use the 3640 purely as your router for leased lines...

 

Have the following on the ISA

 

1 -> Internet

2 -> 3640

3 -> 192.168.177/24

4 -> 192.168.100/24

5 -> 192.168.101/24 (Workstation network)

 

Will give you finer control over your network, but will require a hefty firewall box... either that... or depending on which you are running it could have a layer 3 (routing) module..

 

Or hit ebay for some foundry stuff..they used to do a lovely 12 port high speed router... I'll see if I can find out what it was called FastIron or something.....

 

http://www.foundrynet.com/products/l23wiringcloset/fastiron/FIedgeDatasheet.html

 

I was thinking about moving more to the ISA box. It's reasonably well spec'd dual Xeon 3.6GHz, probably loads of RAM but I didn't look.

[JustGav]

There aren't any modules for the 3640 that run gigabit....

 

Which means if you use the 3640 at the core of your network, you will only have 100mbit, but it all depends on how much traffic you are really throwing round the network...

[carl0s]

Moving all the routing to the ISA box, would probably achieve as much as throwing in a server 2003 machine with RRAS routing between the two lans won't it, in terms of performance? I realise there won't be the easy managability but..

[JustGav]

If you are happy with 100 mbit, just get a quad network card, and put it in... and you can have 100 mbit at the core, with the switch running VLANS to keep the network traffic seperated.

 

Also being on the firewall means you will have fine control over what goes between the subnets.

[carl0s]

Going back to the VLAN'ing, the main point of this would be to stop broadcasts from one 'net to the other I presume, since all other traffic would be sent 'on target' to the relavent hosts.

[JustGav]

Correct, VLANS provide exactly as they say Virtual Lans, they limit the broadcast domain (the offical way it is worded)....

 

Very useful for using multiple switches as well to seperate subnets, even across buildings... (using VLAN trunking which sends all vlans over and you can then assign the ports on the other side)

[carl0s]

They're happy with performance, but can't live with these dropped packets which only started today, but are easily repeatable even out of hours when network usage is low. It has to be a semi-duff dual port fast ethernet, so we're going to have to shift the 192.168.100.254 interface off the 3640 onto either the ISA box or a new machine.

 

Just looking at it though, there's so much going through the 3640 that shouldn't be. As you say, the 3640 is only necessary for the leased line guys. That's what it started for and it's just been amended because it was the default gateway across the board- many many moons ago when there wasn't even any Internet access for the company. The second IT manager went away on holiday today and I used to look after them years ago so IT manager 1 rang me panicking

 

They don't even use DHCP on the main 192.168.177.0 network.. that's going to be a ballache going around changing default gateways on fifty machines.

[JustGav]

Got a visio diagram handy of what you have got?

 

As for no DHCP, do it once, and you won't regret it....

[Wez]

Setup VLANs on the switch so you are not hammering two subnets over the same virtual fabric and then check to make sure you have no duplex mismatches on any of the equipment.

 

I have found that with duplex mismatch it will work when the traffic is small but as soon as you start to ramp up the data rates you will see massive packet loss.

 

If the switches are cisco just show the interface counters, the command will depend if you are running catos or ios, they should look clean if all is well, crc is normally a dead give away.

 

As already mentioned you have got a bottle neck too but it depends how many comps are in the sister company sharing the 1gb link.

 

Are you attempting to run the equipment at full or half duplex?

[JustGav]

Duplex issues... damn I remember those... bloody HP unix servers used to HATE it... and I used to argue with the unix boys for hours about how they needed to set things the same way as the network was...

[Wez]

Duplex issues... damn I remember those... bloody HP unix servers used to HATE it... and I used to argue with the unix boys for hours about how they needed to set things the same way as the network was...

 

Yeah, its always the networks fault isnt it, although Cisco auto detect is shocking, he he he

[carl0s]

Got a visio diagram handy of what you have got?

 

As for no DHCP, do it once, and you won't regret it....

 

No Visio. I did that in Dia.

 

The problem here is that they're not exactly eager for downtime.. I'm just looking at other problems. The real issue is sorting these dropped packets.

[Wez]

Do a sh int on the 3640 and look at the counters, if you can paste the results here.

 

[JustGav]

Okay, I would say first step...

 

Follow Wez's advice and check the duplex settings, nice and easy and doesn't require any down time...

 

Then put in VLANs to allow the traffic to segregate...

 

Then if you have the budget (and they have the overtime), move all the routing aspects over to the ISA box during out of hours...

 

Gotta love the out of hours stuff, I've been putting in a cisco wireless network and they won't let me do it during the day even though it is not a business critical thing (and no I don't get overtime either)

[carl0s]

Setup VLANs on the switch so you are not hammering two subnets over the same virtual fabric and then check to make sure you have no duplex mismatches on any of the equipment.

 

I have found that with duplex mismatch it will work when the traffic is small but as soon as you start to ramp up the data rates you will see massive packet loss.

 

If the switches are cisco just show the interface counters, the command will depend if you are running catos or ios, they should look clean if all is well, crc is normally a dead give away.

 

As already mentioned you have got a bottle neck too but it depends how many comps are in the sister company sharing the 1gb link.

 

Are you attempting to run the equipment at full or half duplex?

 

In the 3640s config, everything is set to speed and duplex auto.

The 10mbps link needs checking I suppose, however the problem arises when just copying a file from company A to B, therefore avoiding the Internet side of things and the 10mbps ethernet.

 

What do you mean by attemping to run .. duplex? The router is set to auto, I will have to check with the switch as to whether it has negotiated full duplex on the 10mbps link, but all the fast ethernet links should be full duplex by default anyway.

[carl0s]

Do a sh int on the 3640 and look at the counters, if you can paste the results here.

 

 

I'm at home! but I'll try to remember the gist (I was looking at the int summary and full counters / 5 min avg).

 

There were lots of collisions on the 10mbps internet link, probably a few hundred dropped packets, zero crc errors. I guess the collisions suggests in running in half duplex.