dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2444
bclbob
join:2000-06-23
Oak Park, IL

bclbob

Member

NMD-36-ESW

Anyone got the specifications for this, as used in a 3845. I seem to be limited to ~80Mbit, even between the 2 daughter gigabit ports.
aryoba
MVM
join:2002-08-22

aryoba

MVM

Since it is a router module, the speed relies on the router capacity itself. In addition, switch port speed on switches tend to go faster than switch port speed on router module.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to bclbob

Premium Member

to bclbob
Its a ESW vs an ES so its not running tis own IOS and the ports are going through the router

I'd go for a NME-XD-48ES-2S-P over that one
bclbob
join:2000-06-23
Oak Park, IL

bclbob

Member

I thought the ESW was a "switch on a board" with uplinks via the backplane. Its in a 3845 ... how do I start diagnosing the bottleneck? the 3845 is supposed to have 256Mbit capacity with CEF.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

To switch between the ports on the module should happen on-board the module itself. It would be entirely idiotic to forward L2 traffic to the processor for switching.

However, to route between SVIs and other ports on the router at L3 will require packets to be forwarded off the module and towards the processor, and thats likely going to introduce a bottleneck.

What is the internal connectivity between an NM slot and the processor? Probably something like 100mbit. Best way to find out would be to run a throughput test between a port on the switch routing to an onboard port.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to bclbob

Premium Member

to bclbob
I've never used a ESW myself but from reading and having several ES's the ES 's run their own IOS and are L3 switches.

also when an ES is plugged in the internal router to ES link comes up as 1gbit (IE so my NME-16ES-1G-P's show up as 16FE and 2GE switches)

an ESW might be a switch on a board but is a L2 switch not a L3.

DaSneaky1D
what's up
MVM
join:2001-03-29
The Lou

DaSneaky1D to bclbob

MVM

to bclbob
With the ESW plugged in, do you have a "gi 1/0" interface in your 3845?

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

said by DaSneaky1D:

With the ESW plugged in, do you have a "gi 1/0" interface in your 3845?

from my reading all 38 ports would show on his router
bclbob
join:2000-06-23
Oak Park, IL
·Verizon FiOS

bclbob

Member

I have gi2/0 and gi2/1 showing on the ESW. I have my computer on gi2/1. I noticed that I can only download 80Mbit from the internet on comcasts 105Mbit service. If I plugged in to the modem direct I get about 120.

So I tested downloading from the server thats actually on gi2/0 and its roughly the same 80Mbit, so that made me suspect the performance of the ESW vs routing/NAT performace of the 3845.

The 3845 is rated to 250Mbit, I'd be disappointed if I could only pass 80 through it. But I think the intra ESW performance suggests its the ESW and was trying to find any spec on it to prove my theory...

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

are ports gi2/0 and 2/1 on the same vlan?

the 3845 has 2 onboard gig ports have you tried connecting your computer to one of them (IE with proper config) and seeing then doing a test download?

DaSneaky1D
what's up
MVM
join:2001-03-29
The Lou

DaSneaky1D to DarkLogix

MVM

to DarkLogix
Yeah, that's what I was thinking, too. I just wanted to know what bclbob was seeing.
DaSneaky1D

DaSneaky1D to bclbob

MVM

to bclbob
getting 105mbps+ through that router shouldn't be an issue in the least. Can you post an example of your interfaces and NAT config? I'd suspect something else is causing the performance difference.
bclbob
join:2000-06-23
Oak Park, IL
·Verizon FiOS

bclbob to DarkLogix

Member

to DarkLogix
yes they are

#show run int gi2/0
Building configuration...

Current configuration : 78 bytes
!
interface GigabitEthernet2/0
switchport access vlan 10
no ip address
end

#show run int gi2/1
Building configuration...

Current configuration : 78 bytes
!
interface GigabitEthernet2/1
switchport access vlan 10
no ip address
end

and as for your second question, no I haven't since I need to figure out all the config to route it (I assume I cant put gi0/1 in the vlan 10 and it will work)

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

No you can't put the onboard gig interfaces in vlans
IMO do something like the following (plus nat to cover it)

int gi 0/1
ip address 10.255.255.1 255.255.255.248
ip nat inside
no shut
end

you should have a default gateway setup and this would be a directly connected network so I could be wrong but I don't think you'd have to add a route statement for 10.255.255.0 /30

but you would need to add 10.255.255.2 to be allowed by nat

then on your computer set its interface to
IP= 10.255.255.2
Mask= 255.255.255.248
Gateway= 10.255.255.1
DNS= 4.2.2.2

it'd be a fairly basic config just for testing (and I picked 10.255.255.x as I'm guessing you might not be using that range as most people start lower)

think of vlan interfaces and router interfaces the same
you can't put "interface vlan 10" in a vlan its automatically part of its vlan
a router's onboard interface is a router interface just isn't related to vlans

the interfaces of your ESW are L2 switch interfaces which makes them a little different from router interfaces (one of the reasons I opted for ES over ESW I don't care to have switch interfaces as part of my router config.)
bclbob
join:2000-06-23
Oak Park, IL
·Verizon FiOS

bclbob

Member

Here's a santized config.

comcast 105Mbit modem on gi0/0
comcast 50Mbit modem on fa4/0

ESW is in slot 2

vlan10 is the interal network where all my good stuff runs, I got nervous about that and have vlan20 as a guest vlan.


! Last configuration change at 02:23:30 UTC Thu Apr 17 2014 by ops
! NVRAM config last updated at 02:23:30 UTC Thu Apr 17 2014 by ops
! NVRAM config last updated at 02:23:30 UTC Thu Apr 17 2014 by ops
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname blackfriars
!
boot-start-marker
boot system flash:c3845-adventerprisek9-mz.151-4.M8.bin
boot-end-marker
!
!
enable secret 4 dfsfd
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no network-clock-participate slot 4
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
flow monitor FLOW-MONITOR-1
record netflow ipv4 original-input
!
no ip source-route
no ip gratuitous-arps
!
ip cef
!
!
parameter-map type inspect global
log dropped-packets enable

parameter-map type ooo global
tcp reassembly queue length 1024
!
!
!
class-map type inspect match-any pub-self-traffic
description Support for managing the firewall router (see CSCsq44101)
match access-group name pub-self-traffic
class-map type inspect match-any self-pub-traffic
description Support for managing the firewall router (see CSCsq44101)
match access-group name self-pub-traffic
class-map type inspect match-any priv-pub-traffic
match protocol http
match protocol https
match protocol ftp
match protocol ntp
match protocol ssh
match protocol dns
match protocol echo
match protocol pptp
match protocol sip
match protocol tcp
match protocol icmp
match protocol udp
class-map type inspect match-any pub-priv-traffic
match access-group name acl-minecraft-pe
class-map type inspect match-any self-pub-traffic-pass
match access-group name self-pub-traffic-pass
class-map type inspect match-any pub-self-traffic-pass
match access-group name pub-self-traffic-pass
class-map type inspect match-any visitor-pub-traffic
match protocol http
match protocol https
match protocol ftp
match protocol ntp
match protocol ssh
match protocol dns
match protocol echo
match protocol pptp
match protocol tcp
match protocol icmp
match protocol udp
!
!
policy-map type inspect visitor-pub-policy
class type inspect visitor-pub-traffic
inspect
class class-default
drop
policy-map type inspect pub-visitor-policy
class class-default
drop log
policy-map type inspect priv-pub-policy
class type inspect priv-pub-traffic
inspect
class class-default
drop log
policy-map type inspect pub-priv-policy
class type inspect pub-priv-traffic
inspect
class class-default
drop log
policy-map type inspect pub-self-policy
class type inspect pub-self-traffic-pass
pass
class type inspect pub-self-traffic
inspect
class class-default
drop log
policy-map type inspect self-pub-policy
class type inspect self-pub-traffic-pass
pass
class type inspect self-pub-traffic
inspect
class class-default
drop log
!
zone security public
zone security private
zone security visitor
zone-pair security priv-pub source private destination public
service-policy type inspect priv-pub-policy
zone-pair security pub-priv source public destination private
service-policy type inspect pub-priv-policy
zone-pair security pub-self source public destination self
service-policy type inspect pub-self-policy
zone-pair security self-pub source self destination public
service-policy type inspect self-pub-policy
zone-pair security visitor-pub source visitor destination public
service-policy type inspect visitor-pub-policy
zone-pair security pub-vistior source public destination visitor
service-policy type inspect pub-visitor-policy
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
bandwidth 20480
bandwidth receive 107520
ip address 172.31.88.2 255.255.255.0
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security public
duplex full
speed 1000
media-type rj45
!
interface GigabitEthernet0/1
shutdown
duplex auto
speed auto
media-type rj45
!
interface FastEthernet2/0
switchport access vlan 10
no ip address
!
interface FastEthernet2/1
switchport access vlan 10
no ip address
shutdown
!
interface FastEthernet2/2
switchport access vlan 10
no ip address
!
interface FastEthernet2/3
switchport access vlan 10
no ip address
!
interface FastEthernet2/4
description Uplink to hendon, basement AP
switchport trunk native vlan 10
switchport trunk allowed vlan 1,2,10,20,1002-1005
switchport mode trunk
no ip address
!
interface FastEthernet2/5
switchport access vlan 10
no ip address
!
interface FastEthernet2/6
switchport access vlan 10
no ip address
!
interface FastEthernet2/7
switchport access vlan 10
no ip address
!
interface FastEthernet2/8
switchport access vlan 10
no ip address
!
interface FastEthernet2/9
switchport access vlan 10
no ip address
!
interface FastEthernet2/10
switchport access vlan 10
no ip address
!
interface FastEthernet2/11
switchport access vlan 10
no ip address
!
interface FastEthernet2/12
switchport access vlan 10
no ip address
!
interface FastEthernet2/13
switchport access vlan 10
no ip address
!
interface FastEthernet2/14
switchport access vlan 10
no ip address
!
interface FastEthernet2/15
switchport access vlan 10
no ip address
!
interface FastEthernet2/16
switchport access vlan 10
no ip address
!
interface FastEthernet2/17
switchport access vlan 10
no ip address
!
interface FastEthernet2/18
description Uplink to cricklewood, attic AP
switchport trunk native vlan 10
switchport mode trunk
no ip address
!
interface FastEthernet2/19
switchport access vlan 10
no ip address
!
interface FastEthernet2/20
switchport access vlan 10
no ip address
!
interface FastEthernet2/21
switchport access vlan 10
no ip address
!
interface FastEthernet2/22
switchport access vlan 10
no ip address
!
interface FastEthernet2/23
switchport access vlan 10
no ip address
!
interface FastEthernet2/24
switchport access vlan 10
no ip address
!
interface FastEthernet2/25
switchport access vlan 10
no ip address
!
interface FastEthernet2/26
switchport access vlan 10
no ip address
!
interface FastEthernet2/27
switchport access vlan 10
no ip address
!
interface FastEthernet2/28
switchport access vlan 10
no ip address
!
interface FastEthernet2/29
switchport access vlan 10
no ip address
!
interface FastEthernet2/30
switchport access vlan 10
no ip address
!
interface FastEthernet2/31
switchport access vlan 10
no ip address
!
interface FastEthernet2/32
switchport access vlan 10
no ip address
!
interface FastEthernet2/33
switchport access vlan 10
no ip address
!
interface FastEthernet2/34
switchport access vlan 10
no ip address
!
interface FastEthernet2/35
switchport access vlan 10
no ip address
!
interface GigabitEthernet2/0
switchport access vlan 10
no ip address
!
interface GigabitEthernet2/1
switchport access vlan 10
no ip address
!
interface FastEthernet4/0
bandwidth 10240
bandwidth receive 51200
ip address 173.9.232.236 255.255.255.248
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security public
duplex auto
speed auto
!
interface FastEthernet4/1
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.31.90.166 255.255.255.0 secondary
ip address 172.31.90.164 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security private
!
interface Vlan20
ip address 172.31.89.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security visitor
!
!
ip flow-top-talkers
top 20
sort-by bytes
match destination address 0.0.0.0 0.0.0.0
!
ip nat inside source route-map NAT-FA4-0-TRAFFIC interface FastEthernet4/0 overload oer
ip nat inside source route-map NAT-GI0-0-TRAFFIC interface GigabitEthernet0/0 overload oer
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 172.31.88.1 10 tag 24
ip route 0.0.0.0 0.0.0.0 FastEthernet4/0 173.9.232.238 20 tag 173
ip route 38.106.173.189 255.255.255.255 GigabitEthernet0/0 172.31.88.1
ip route 68.86.116.1 255.255.255.255 GigabitEthernet0/0 172.31.88.1 permanent
ip route 68.86.116.1 255.255.255.255 FastEthernet4/0 173.9.232.238 permanent
ip route 208.100.39.0 255.255.255.0 FastEthernet4/0 173.9.232.238
ip route 216.64.199.192 255.255.255.224 FastEthernet4/0 173.9.232.238
ip route 216.118.206.9 255.255.255.255 FastEthernet4/0 173.9.232.238
!
ip access-list extended NAT-ACL
permit ip 172.31.90.0 0.0.0.255 any
permit ip 172.31.89.0 0.0.0.255 any
deny ip any any
ip access-list extended pub-self-traffic
permit udp any any eq ntp
permit udp any any eq domain
permit icmp any any
ip access-list extended pub-self-traffic-pass
permit esp any any
permit ahp any any
permit gre any any
ip access-list extended self-pub-traffic
permit ip any any
ip access-list extended self-pub-traffic-pass
permit esp any any
permit ahp any any
permit gre any any
!
ip sla 24
icmp-echo 68.86.116.1
frequency 10
ip sla schedule 24 life forever start-time now
ip sla 173
icmp-echo 68.86.116.1 source-interface GigabitEthernet0/1
frequency 10
ip sla schedule 173 life forever start-time now
logging history size 500
access-list 100 permit udp any any eq 19132
!
!
!
!
!
!
!
!
!
!
!
!
route-map NAT-GI0-0-TRAFFIC permit 10
match ip address NAT-ACL
match interface GigabitEthernet0/0
!
route-map NAT-FA4-0-TRAFFIC permit 10
match ip address NAT-ACL
match interface FastEthernet4/0
!
!
!
!
!
line con 0
speed 19200
line aux 0
line vty 0 4
exec-timeout 0 0
transport preferred none
transport input ssh
!
scheduler allocate 20000 1000
ntp server 64.73.32.134
ntp server 204.235.61.9
ntp server 172.31.90.10
ntp server 216.129.110.22
end

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

2 edits

DarkLogix

Premium Member

Lots of QOS and stuff to look though (scratch the other stuff I said I over looked 172)
bclbob
join:2000-06-23
Oak Park, IL

bclbob

Member

Yea... its a private address space on the LAN side for the comcast modem (since i have 2 for now), i config'd one of them to use a LAN on 172.31.88.0/24 wwith the modem on .1 and the router on .2

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

/facepalm @ self over looked 172, was assuming you were using statics and didn't even think about looking at the left of the IP.
Sorry

DaSneaky1D
what's up
MVM
join:2001-03-29
The Lou

1 edit

DaSneaky1D to bclbob

MVM

to bclbob
** Removing this post... It didn't take into account the specified config **

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to bclbob

Premium Member

to bclbob
ok well are you planning to use statics on the SMC side?
if not then I'd ditch the SMC as you're double natting.
bclbob
join:2000-06-23
Oak Park, IL
·Verizon FiOS

bclbob

Member

not sure what you mean

gi0/0 connected to comcast, provided as a single dynamic IP address, hence the addresses you see are the addresses the modem will NAT after the Cisco has NAT'd it. not ideal I know - waiting for Comcast to get going on that issue. Comcast 105/20 service (actually business IPV6 trial)

fa4/0 connected to comcast, with a /29 static block, so only the Cisco is NAT'ing vlan10/20. This is my regular Comcast business class service (50/10)

most of fa2/0-35 and gi2/0-2/1 are on vlan10. a couple of the ports are trunked to cisco wireless access points broadcasting vlan10 (private) and vlan20 (visitor).

hope that makes some sense - i know there will be double nat but i'd like to use the faster 105 service, which i can but only about 80mbit via the cisco right now

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

Well if the gig link isn't going to take over and have statics I'd just get a SB6141 and stop the double nat. (the SMC's (or the netgear if that's what you have) are not good at nat.
bclbob
join:2000-06-23
Oak Park, IL

bclbob to DarkLogix

Member

to DarkLogix
everybody uses 10.0.0.0/8 and 172.16.0.0/24 ... I've never collided with anyone with my private network choices!
bclbob

bclbob to DarkLogix

Member

to DarkLogix
Its a trial, they give me what they give me ... still trying to understand tho if l2 switching of 80mbit between gi2/0 & 2/1 is an issue, should be l2 switching on the esw? its also coincidental that it matches my internet speed closely!

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to bclbob

Premium Member

to bclbob
said by bclbob:

everybody uses 10.0.0.0/8 and 172.16.0.0/24 ... I've never collided with anyone with my private network choices!

Ya not saying you would just that double nat is very very bad
and the Comcast gateways are not good (they're acceptable but only when used with statics)
DarkLogix

DarkLogix to bclbob

Premium Member

to bclbob
said by bclbob:

Its a trial, they give me what they give me ... still trying to understand tho if l2 switching of 80mbit between gi2/0 & 2/1 is an issue, should be l2 switching on the esw? its also coincidental that it matches my internet speed closely!

Ya the ESW should be doing the L2 switching
bclbob
join:2000-06-23
Oak Park, IL

bclbob

Member

ok time for bed, i'll set up gi0/1 and see if i can prove it that way tomorrow

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

These routers are software based, so everything you turn on impacts your throughput.

Start with the most basic config you can use to get it working, then start building it up until you hit the point where throughput dives. Then you know what is causing the problem and can decide whether you can live without that functionality, or live with the performance hit.

In addition to this, have you checked the operational status of the interfaces to make sure there are no duplex mismatches and/or that everything is operating at the duplex you expect?

Also try multiple simultaneous downloads. Having a 100mbit pipe doesnt automatically guarantee a single 100mbit flow. High bandwidth is more about doing more things quickly, than doing a single thing superquick. IMO.
bclbob
join:2000-06-23
Oak Park, IL
·Verizon FiOS

bclbob to DarkLogix

Member

to DarkLogix
Ok brought my machine up on the other onboard gigabit ethernet port and did a basic config:

»www.speedtest.net/my-res ··· 45215366

so that means its the performance of the ESW ....
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to bclbob

MVM

to bclbob
Does this datasheet help at all, OP?

 Cisco EtherSwitch Module Summary
- NM-16ESW: One 16-port 10/100 EtherSwitch Network Module
- NM-16ESW-PWR1: One 16-port 10/100 EtherSwitch NM with Cisco pre-standard PoE support
- NM-16ESW-1GIG: One 16-port 10/100 EtherSwitch NM with 1 GE (1000BaseT) port
- NM-16ESW-PWR-1GIG2: One 16-port 10/100 EtherSwitch NM with Cisco pre-standard PoE and GE
- NMD-36-ESW: One 36-port 10/100 EtherSwitch High Density Service Module
- NMD-36-ESW-PWR2: One 36-port 10/100 EtherSwitch HDSM with Cisco pre-standard PoE
- NMD-36-ESW-2GIG: One 36-port 10/100 EtherSwitch HDSM with 2 GE (1000BaseT)
- NMD-36-ESW-PWR-2G3: One 36-port 10/100 EtherSwitch HDSM + Cisco pre-standard PoE and 2GE
 
Options
- PPWR-PS-CHASSIS: One power supply chassis for Cisco 48V (360W) power supply
- PWR-CHASSIS-360W: One power supply chassis and 48V power supply for EtherSwitch
- PPWR-PS-360W: One 48V (360W) power supply for EtherSwitch Modules
- PPWR-DCARD-16ESW: One Cisco pre-standard PoE daughtercard for 16 port EtherSwitch NM
- PPWR-DCARD-36ESW: One Cisco pre-standard PoE daughtercard for 36 port EtherSwitch HDSM
- GE-DCARD-ESW: One GE (1000BaseT) daughtercard for EtherSwitch Modules 
 

So based on the above and your own statement here OP
said by bclbob:

I have gi2/0 and gi2/1 showing on the ESW. I have my computer on gi2/1. I noticed that I can only download 80Mbit from the internet on comcasts 105Mbit service. If I plugged in to the modem direct I get about 120.

Guessing you have the NMD-36-ESW-2GIG then? Please share the output of "show inventory" to confirm.

So given your config and this
said by bclbob:

comcast 105Mbit modem on gi0/0
comcast 50Mbit modem on fa4/0

ESW is in slot 2

vlan10 is the interal network where all my good stuff runs, I got nervous about that and have vlan20 as a guest vlan.

First off, _IF_ the upstream device on Gi0/0 is already nat'ing, no need to set up ANOTHER set of NAT's
on the 38xx; it's pretty pointless and just sucks up CPU cycles. I also agree with TomS_ See Profile 's
suggestion of backing up your config, then stripping it down to only two seperate IP networks between
Gi0/0 and wherever you connect your PC and loadtesting with IPERF or similar -- not sure how you're
testing speeds, but PC/GigE NIC to PC/GigE NIC thru the 38xx with IPERF will at least minimize the
variables.

My 00000010bits

Regards