Cisco Switching/Routing :: 6509 / Unicast NLB High Traffic?
Apr 27, 2013
i recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
[URL]
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).
View 5 Replies
ADVERTISEMENT
Mar 3, 2012
I have 2 6509-E chassis with SUP-720-VSS and classic line cards :-(. on October 2011 the switch reached 100% CPU on both devices and the entire network went down. Customer restarted the core so we lost all the log files and couldnt find out any root cause on the same. TAC engineer suggested to have some script configured on the system in case of CPU shooting up above 70%, it will create a file in flash and keep appending the logs to the same. Last week i got call from customer saying that the CPU again went high for around a minute on both the cores. Last time i added CoPP also on the switch in order to prevent the CPU reaching 100%. Still it went high and from the captured logs i saw that the process created the high CPU was Port Manager Per and SSH process. Attached the file created by the netdr capture command.
View 1 Replies
View Related
May 20, 2012
From couple of weeks we have observed the cpu utilization of cisco 6509 with SUP 720 is high. During daytime from 9:00 to 21:00 it keeps increasing & reaches 98% & after 21:00 becomes normal.
View 5 Replies
View Related
Jan 29, 2011
Cisco 6509 modular IOS getting high cpu in interrupt but the switch process switching is still less. Any sugeestion what could be the problem?
Process sbin/ios-base, type IOS, PID = 16407CPU utilization for five seconds: 12%/81%;
Sometimes cpu goes upto 100%
Version - s72033-ipservicesk9_wan-vz.122-33.SXH5
View 4 Replies
View Related
Nov 13, 2011
which process is consuming high memory with my c6509 switch.
View 17 Replies
View Related
Dec 6, 2011
I've noticed that my 6509's running VSS seem to have high I/O memory utilization.
I/O memory: Sw/Mod Bytes: Total Used %Used
1/1 8126344 7886544 97%
1/2 11796240 11442472 97%
1/5 RP 12058384 10715832 89%
1/5 SP 8388608 8104304 97%
1/7 8126344 7886544 97%
[code]....
View 5 Replies
View Related
Nov 5, 2012
I have having two Cisco 6509 both working are my main Core Switches with which I have all my Layer 2 VLANs configured and then distributed thru the trunks links to all the Access Switches. I have L3- Vlans also configured on them with which one switch in primary and the other is secondary. All of sudden last night I got this message on my core switch 2 this for VLAN 1 which is my users LAN, how can I check as to what would have caused the core switch 2 HSRP to be active and then in standby
*Nov 5 23:33:29.296: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Standby -> Active
*Nov 5 23:33:29.796: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Standby -> Active
*Nov 5 23:33:29.804: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Active -> Speak
*Nov 5 23:33:29.920: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Active -> Speak
*Nov 5 23:33:40.144: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Speak -> Standby
*Nov 5 23:33:41.280: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Speak -> Standby
Also last night i got call from office saying that we are getting huge delay in pinging the default gateway of the user LAN which is the same vlan as the above and it was just for few minutes and then it was back to normal and now when I came to office and check there were no logs in both the core switches. When I checked the cpu utlization it was showing me high on both the switches how can I check as to what would have caused the CPU utilisation to go high all of suddedn?
INPMHCORS01#$ sh processes cpu his
11111 11111 11111 1111111111
8885555588888666669999922222666665555511111777773333300000
100
90
80
[code]....
View 1 Replies
View Related
Feb 25, 2013
I have a connection that is loosing packets, my show interface output below summarises the interface where i believe the problem is occuring. My Hardware is 6509 running 12.2
View 1 Replies
View Related
Jul 14, 2010
Got servers in vlan 10 ip range 10.0.0.0 and servers in vlan 20 ip range 20.0.0.0 at the same layer 3 switch. (c6509 sup720)I would like to block TCP traffic initiated from Vlan 20 to Vlan 10. But the servers in Vlan 10 needs to be able to open an TCP connections to Vlan 20 did test with the ACL thats blocking (ack/established/syn) but unable to get it to work.Or it works both directions or is works non directions.
View 4 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Dec 8, 2011
I would like to have a view of ip traffic on NX7000 as I am used on 6509 OIS, running the above commands: [code] Finding something like on 7000 ?
View 2 Replies
View Related
Nov 19, 2012
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
View 7 Replies
View Related
Mar 26, 2012
On a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:
-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?
View 4 Replies
View Related
Nov 21, 2011
I'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric,
View 2 Replies
View Related
Nov 5, 2012
We run a workers camp here and we currently have around 2500-3000 people using our 100MB internet pipe. We are upgrading the pipe to 200MB soon but I still would like to limit how much bandwidth everyone is using.
We allow streaming media such as Netflix, youtube, apple TV and of course .So it gets full pretty fast. We have QOS implemented although I wasn't here when it was done so I don't know a lot about it. I would like to limit IPs to a certain amount of bandwidth. [code]
View 1 Replies
View Related
Aug 6, 2012
I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
View 4 Replies
View Related
Nov 27, 2011
We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
I configured the netflow source VLAN 11 although I am not collecing any netflow from it.Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN(9) does not get reported, I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
I read somewhere that egress netflow is not supported in 6500, but isnt traffic originating from a user vlan to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANS. I have mimimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and Monitoring this Transit Vlan gives me extremely useful info.
I do get netflow biderectional traffic from the Server Vlan 10, but I think it is correlated by the netflow collector from vlans 9 and 10. [code]
View 9 Replies
View Related
Oct 3, 2012
I am attempting to block all FTP traffic on port 21 from the servers in my network, and only allow FTP from one server to go out.
I have created the following ACL
access-list 101 Permit ip any any
access-list 101 Permit 21 1.1.1.1 0.0.0.0 any
access-list 101 Deny 21 any any
and have applied it to my truck VPN that goes up to my firewall
int Vlanxxx
ip access-group 101 out
But when i test ftp is still allowed by all servers.
View 6 Replies
View Related
Feb 3, 2011
I was wondering if the following scenario would work:
2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).
Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC addres which is not used as Source MAC address when the TMG servers are respondign to requests.Basically it relies onto the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is, what the L3 switch would do, if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would he decide on which port(s) to forward the packet as he does not know on which port the MAC is found. Can he make a decision based on Layer 3 (IP/VLAN based) therefore he knows that the VLAN for the TMGs is connected on those two uplink ports?
View 7 Replies
View Related
Nov 28, 2011
I have a serious problem with nexus 7018, there're unicast flooding on one n7k, named n7k-1, which is the member of vPC domain combined with 2 N7Ks. [code]I had clean the mac-address-table, and all mac-address-tables had been synced fine, and the unicast flooding went away.
How could I fix the mac-address sync function between the modules ?
View 6 Replies
View Related
Jan 9, 2011
I'm having an issue with my network, where we're are experiencing random and brief network outages. They happen a couple times a day and last 5-10 seconds. when I check my two backbone switches (4506 : Supervisor: WS-X4516-10GE ,IOS : cat4500-ipbase-mz.122-31.SGA8.bin), STP remains normal and no topology change occurs.
View 16 Replies
View Related
Feb 6, 2013
We have problems with 3 switches in our network.
Users continues receive adresse via DHCP, but no traffic was forwarded. After reboot switch works fine about one week and problem arrives.
I telnet to one problem switch and try to found reason by reaply acl and source guard and saw some strange message:
nov-20(config)#int r gi1-48
nov-20(config-if-range)#no service-acl input
nov-20(config-if-range)#service-acl input 2
Exceeded the maximum ACE allowed in the system. -repeated 48 times
Configuration and log int attachment (show tech-support)
port 52 - uplink, 1-47 - users, 49-51 - downlink switches (SPS224g4) with aprox 200 pc connected. 48-ups
View 11 Replies
View Related
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).
View 11 Replies
View Related
Oct 13, 2011
Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running constantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
View 6 Replies
View Related
Nov 26, 2012
We installed a solution with 2 Cisco 2801, BGP multihomed failover.
1) The router which is currently getting all the traffic gets to 55% to 60% of CPU usage when handling 40 SIP/RTP streams . This equals 10Mbit up/10Mbit down and it showed around 5800 packets TX and around 5800 packets RX, with a majority of them CEF switched. As those figures are way less than the performance figures published by Cisco, we wonder if we made any mistake in setting up our router, or if we can do something to improve the router setup.
2) Does it have an impact on router performance if we increase/decrease RTP packet size, thus increasing or decreasing the pps relative to the consumed bandwidth?
3) If it is not possible to improve router configuration, we also wonder about possible replacement units for those routers. Would a 2901 do a good job? By how much would it rise the capacity? What other models would you recommend if we plan to rise the number of concurrent calls by a factor of 4 or even 8 times of what we have now (so up to 48000 pps and 80Mbit).
Here is what we tried:
- ip route-cache same-interface does not seem to improve anything
- ip flow ingress on or off makes no difference
- disabling the inbound ACL on fa0/0 seems to reduce load by 10%, although I don't understand why - a very high percentage is CPU interrupts, and ACLs are process switched, or not?
- we tried following the Cisco guide for high CPU due to high interrupts, with no success
Here are some usage statistics:
The graphs that we plot via SNMP show a propotional growth/increase of CPU and bandwidth (and thus pps) At the highest loads, we had a bit more than 55% CPU utilization with more than 50% interrupt CPU.
CPU utilization for five seconds: 36%/30%; one minute: 30%; five minutes: 30%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
127 13140 954 13773 2.00% 0.29% 0.07% 194 SSH Process
[Code].....
View 8 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Dec 11, 2010
We have cisoc 2821 at one of branch and created five sub inetrfaces for different vlans.Output of Show interface shows very frequent increase in the input error count.I have changed the physical cable and switch port on the other side.But still error rate is increasing.When the traffic is less error rate is low but with high traffic it is increasing drastically.My router process is very less(4%) only.What could be possible reason. [code]
View 8 Replies
View Related
Sep 13, 2011
I have high cpu problem on 6509 VSS(VS-S720-10G). When VSS was connected to LMS or NMS, the cpu utilization of VSS was very high(MAX 100%).
When they were not connected, the cpu utilization was normal.
I think it is because of SNMP gathering on LMS/NMS.
And I blocked arp table and forwarding table, but there was no change on cpu utilization. I couldn't find the bug reports and other references.
Info. IOS version : 12.2(33)SXI1
device : 6509 VSS(VS-S720-10G)
cpu utilization : snmp engine (30%~60%) peak, sometimes 100%.
View 1 Replies
View Related
Oct 19, 2011
I am having issues trying to track down what is causing a high number of connection on our FWSM in our core 6509 switch. I recently upgraded my FWSM to 3.1(20) and I'm looking for a tool to be able to find the culprit. When I receive these messages I try to get onto the firewall in time to be able to get information regarding this issue but by the time I do the device recovers. Is there a way to tweat the threshold of the SNMP trap for high connections? Is there any way I can retreive this information via SNMP? Is there are command that will allow me to extract the local IP making the most connections?
View 1 Replies
View Related
May 22, 2012
We have a 6509 core with the below modules running for a long time and the utilization used to be always 10 to 13 percent checking with the supplier it was told to us that due to the firewall modue we have and its normal Now 2 days back i noticed the utilzation had jumped to 90 % and now it happened again
I see that on runnung proc cpu
16407 56.1% 56.5% 55.9% ios-base
16430 35.3% 35.2% 33.9% iprouting.iosproc
the modules present
Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 6 Firewall Module WS-SVC-FWM-1 SAD140901XA 3 16 16 port 1000mb GBIC ethernet
[Code].....
View 1 Replies
View Related
Sep 20, 2012
I am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
View 1 Replies
View Related
Jan 11, 2012
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies
View Related
