Mike, I've seen issues similar to this when using the 12 Port DS3 cards, Engine O, in Cisco GSR's. Basically if there's any single ds3 that is full on any of the 12 ports, then the buffers on the card fill up and every other port on that card has their traffic queued, thus introducing latency. There are some things that can be done to help with the situation but not much to actually resolve the issue. One is to use WRED instead of FIFO on the ints at the provider side. A more effective solution, but more invasive, is to basically set each card's tx queue to 1 so when something is waiting on the blocked port, packets are dropped instead of queued. Applied Globally: cos-queue-group 1-16 precedence all random-detect-label 0 random-detect-label 0 1 16 1 Ints w/less than 45Mb tx-cos 1-16 tx-queue-limit 1 Mostly this is just done on the interfaces that are configured with a clock rate less than 45Mb. Of course, all this will need to be done on the Qwest side. Since you're only see this issue during the day, it points to a traffic problem. If qwest needs some proof have them run this command when you're seeing the high latency: execute-on slot <slot> show contro frfab queue execute-on slot <slot> show contro tofab queue That is, if they're using those cards on a GSR. Hope that helps. --chip On Fri, Sep 26, 2008 at 12:28 PM, Aaron Wendel <aaron@wholesaleinternet.net>wrote:
Have you taken some traffic captures to see what kind of traffic's coming through? Could be an infected machine sending lots of small packets from lots of spoofed addresses. I've seen that kind of thing cause issues with older routers before.
-----Original Message----- From: mike [mailto:mike-nanog@tiedyenetworks.com] Sent: Friday, September 26, 2008 11:04 AM To: nanog@nanog.org Subject: high latency ds3 issue on unloaded line
Hello,
I have a ds3 from qwest which has daily issues with insane point-to-point latencies sometimes exceeding 1000ms for hours on end, and which suddenly disappear, and does not appear to correspond with actual measured link utilization (less than 20mbps most days).
To make a long investigation short, the problem comes on during the day and then lets up late in the evening. I have tested and examined everything at the ip layer and no it's not high utilization, an ACL, router cpu or bad hardware, no line errors or other issues visible from interface or controller stats. yes I have flushed all hardware, and I have a 7204vxr/npe-400 with this single ds3. The only clue seems to be millions of 'output drops' from qwest's side. And at night I can hit popular ftp mirrors from a directly attached server and observe my interface reporting about %100 utilization combined with my users and customers, so yeah it really is a full line rate ds3. And historically Mrtg always shows around 20mbps or less utilization and it's only smokeping that goes off, usually in the afternoon when the point to point latencies between my router and qwest start heading north, and consistently at that. I also have another in house tool that takes 30 second snapshots of my ds3 interface in order to catch short bursts that would be smoothed out with mrtg's 5 minute average, but during these high latency times there aren't any spikes noted. And for added confusion (or fun!), the latency can start at any utilization level - I've observed it while we were pulling just 12mbps, and I have not had it while we were doing 34mbps, only the time of day seems to be the common factor.
Qwest has not been able to identify the issue, only note that - yeah, this really is happening when there is otherwise no real load on the line - and I am certain we have done everything to rule out the ip layer. They have put in a 'request' to move me to another router, but I am not hopeful of a resolution that way as the router we're currently on doesn't appear otherwise to have the problem with any other subscriber.
What I want to know, is it possible that the underlaying atm/sonet that carries my ds3 from my facility is somehow oversubscribed or misconfigured? We have an OC12 fiber entrance and this is the only circuit provisioned on it, and in our small tiny town the only other user on the ring with us is comcast (according to the att network engineer who installed this). I don't know enough about atm/sonet to imagine conditions that would cause the issues I am seeing here , but every ip layer tool I have only ever tells me there isn't an ip issue here. I can issue ping from my router directly to the attached qwest router and get > 1000ms and then other times (out of the problem window), I am getting 4ms.
If anyone has laughs or beers to offer me, send 'em on cuz I could use both right about now....
Mike-
-- Just my $.02, your mileage may vary, batteries not included, etc....