weird high ping times with CISCO router

By ranasrule
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

ranasrule

Posted
Posted

Hello....I have a Cisco 1841 router which connects my office network in our WAN....the problem is Im getting extremely high ping times....even when I disconnect everything from the router and just connect my PC to it and then ping it I still get ping times on the 20s and 30s.....we recently moved the rack in which the router is installed to a new location and there could be a grounding/earthing issue....could that be causing the high ping times ? also the CPU usageon the router is consistently 30-40%...is that considered high ? if so could that be a reason for the high ping times ?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"Also 30 - 40Ms isnt that high."

Um ok to something on the internet - say on the other side of the country, maybe even across the pond, ok not too bad.

To your router via lan -- its freaking EXTREMELY HIGH!!

Lan gateway

Reply from 192.168.1.253: bytes=32 time<1ms TTL=64

ISP gateway from same machine through router, etc.

Reply from 24.14.x.x: bytes=32 time=8ms TTL=254

google.com

Reply from 74.125.95.105: bytes=32 time=20ms TTL=53

This IP shows to be in CA, from geoip, and is 13 hops from me here in Chicago.. Do a traceroute to where you pinging.. If there are quite a few hops, then yeah your ping times are going to be high(er). So Im pinging a box in CA, with 13 routers between us and seeing 20ms, he is pinging a router on his LAN, and getting 20-30ms ---> Yeah SOMETHING WRONG!!!

From this he states

"the router and just connect my PC to it"

I have to ask how long the cable is?? But Im assuming your using say a 7 foot patch or something??

You got something wrong.. And with your router showing 30 to 40% cpu?? Yeah that should be like 1 or 2% if its not doing anything.. your at 30-40%, that could explain the HIGH ping times, and yeah clearly something wrong there!!!

Grand Master

Sn00pY

Posted
Posted

Hmm to quickly jump and say 30-40% is high... We don't know several things...

He says it connects his office to his WAN - is this typical internet? is this an MPLS network? is the 1841 running BGP? is it running correctly? prefix-list/filtering properly?

Could be a remote site office going through a VPN and into his main company WAN (MPLS) out to a central router/internet connection. Few things could be up here BudMan.

Let's see the config, if possible...

How can you say his ping IS high - we don't even know what type of connection he has... is it 512KB? then 20ms out to google.com etc is OK IMHO. Is the machine he is pinging from a good machine? variables... lots of them :)

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted
  On 09/10/2010 at 17:57, Sn00pY said:

Hmm to quickly jump and say 30-40% is high... We don't know several things...

He says it connects his office to his WAN - is this typical internet? is this an MPLS network? is the 1841 running BGP? is it running correctly? prefix-list/filtering properly?

Could be a remote site office going through a VPN and into his main company WAN (MPLS) out to a central router/internet connection. Few things could be up here BudMan.

Let's see the config, if possible...

How can you say his ping IS high - we don't even know what type of connection he has... is it 512KB? then 20ms out to google.com etc is OK IMHO. Is the machine he is pinging from a good machine? variables... lots of them :)

Snoopy, I don't think it matters the type of connection:

"even when I disconnect everything from the router and just connect my PC to it and then ping it I still get ping times on the 20s and 30s"

this would assume that he is pinging the router and not an internet web address, correct me if I am wrong.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Exactly -- thats the way I read it!!! He is pinging his router, that being the case it should not be 20-30ms thats for damn sure.. Does not matter if he using using his phones GSM connection ;)

I give you depending on his wan connection, maybe 20-30 ms is good to his ISP gateway even.. But that is not what he says he did.

"disconnect everything from the router and just connect my PC to it and then ping it I still get"

This reads that he was pinging his router.

And unless his router is doing something pretty major, moving lots of freaking traffic -- I mean a lot, it should not be at that % cpu, but a high cpu like that could explain his high ping times to his router.

Enthusiast

KrAzY FrOg

Posted
Posted

hey! This certainly sounds like you got some process running on the router that is utilizing the CPU and could very well be your issue. Connect to the router using telnet or SSH (if configured) and enter enable mode (type 'enable' at the router> prompt). Once at a router# prompt, type the command "show tech" and copy the output to a text file and paste it here so it can be reviewed. This output will have all sorts of stuff including the configuration, interface statistics and system details such as the CPU load and what processes are using the CPU and memory.

If you are not comfortable with uploading this to this forum, you can send it to me directly.

Alternately, you can run the following command on the 1841 and post the output then we can step through the potential issue(s):

'show proc cpu sort 5sec' - You only need to paste up the first 15 or so lines form the output (or to the point where processes are at zero.

Grand Master

ranasrule

Posted
  • Author
Posted
  On 10/10/2010 at 04:57, KrAzY FrOg said:

hey! This certainly sounds like you got some process running on the router that is utilizing the CPU and could very well be your issue. Connect to the router using telnet or SSH (if configured) and enter enable mode (type 'enable' at the router> prompt). Once at a router# prompt, type the command "show tech" and copy the output to a text file and paste it here so it can be reviewed. This output will have all sorts of stuff including the configuration, interface statistics and system details such as the CPU load and what processes are using the CPU and memory.

If you are not comfortable with uploading this to this forum, you can send it to me directly.

Alternately, you can run the following command on the 1841 and post the output then we can step through the potential issue(s):

'show proc cpu sort 5sec' - You only need to paste up the first 15 or so lines form the output (or to the point where processes are at zero.

is it safe to post the output of the "show tech" command here?

Enthusiast

KrAzY FrOg

Posted
Posted

I see you have ip nat inside configured on your tunnel interfaces. This should not be here and should be on the interface you already specified as the LAN side port. Do you actually have a Netflow monitor box in your environment such as Solarwinds or the sort? If not, remove the ip flow commands all over as that is just capturing traffic when it is not needed.

Something is not right with the configuration on Serial0/0/0:0 as traffic is being dropped due to the output buffer queue filling. Clear the counters on this interface and watch to see if it continues to increment. If it does, make sure your MTU is right and the speed and duplex is correct.

Your tunnel interfaces are dropping a ton of output packets as well.

I also agree with Budman that the IP NAT seems suspect. Looking over how the IP NAT is configured, there are some adjustments that you could do to possible relieve this, but further understanding on why things are configured as they are would need to be known first.

So, what would i suggest you changing? I will list the as follows:

Remove the ip nat inside from the tunnel interfaces as those are not the inside interfaces connected to your LAN (FastEthernet0/1 is).

interface Tunnel0

no ip nat inside

Change the MTU on your tunnel interfaces to 1500 to allow Windows machines to communicate across this better (It should help eliminate the dropped packets)

interface Tunnel0

ip mtu 1500

Remove the ip flow on interfaces you do not actually need to monitor in your Netflow monitoring system (such as FastEthern0/0 that has no IP address even configured)

interface FastEthernet0/0

no ip flow ingress

no ip flow egress

Unless you have a specific reason for using an address pool for your outbound NAT, remove it and just mask behind the public IP on Serial0/0/0:0. Of course any host you have a static NAT configured for will go out with a source

IP as defined in the NAT

no ip nat pool ....... <insert the whole command here> Note that you need to remove the global NAT first

Also change your global outbound NAT to the following (I typically use a route-map here, but it is just to better control the traffic flow especially when you have more than one internet service connection):

ip nat inside source list 1 serial0/0/0:0 overload

Interface Tunnel0 only has a inbound bandwidth of 9k? Really? with an outbound of 8m? make sure that is right...

Also, not sure what your intent is for the tunnel interfaces and how they are being used, but you should look at DMVPN to complete it and use NHRP along with encryption to make it a solid and secure solution. Bundle that with EIGRP for your internal dynamic routing and you got yourself a nicely tuned network! A good write-up on this can be found: Here

Grand Master

Sn00pY

Posted
Posted

no ip flow-export version 5

no ip flow-export destination 192.168.1.188 2055

no ip flow-export destination 192.168.1.188 2048

  Quote

Interface Tunnel0 only has a inbound bandwidth of 9k? Really? with an outbound of 8m? make sure that is right...

He's not doing any MCQ (QoS) so why bother with these settings, really... bit pointless...

Also I don't think this site should be considered for a DMVPN hub/spoke scenario as he'd need a decent router to act as a DMVPN hub and this site to be a spoke site... a DMVPN mesh is a tricky config to get right and can come with lots of issues. I've done a good few DMVPN and whilst I agree it's a solid network it goes with some pain sometimes.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.