bclbob join:2000-06-23 Oak Park, IL |
bclbob
Member
2014-Apr-16 3:54 pm
NMD-36-ESWAnyone got the specifications for this, as used in a 3845. I seem to be limited to ~80Mbit, even between the 2 daughter gigabit ports. |
|
|
aryoba
MVM
2014-Apr-16 4:08 pm
Since it is a router module, the speed relies on the router capacity itself. In addition, switch port speed on switches tend to go faster than switch port speed on router module. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to bclbob
Its a ESW vs an ES so its not running tis own IOS and the ports are going through the router
I'd go for a NME-XD-48ES-2S-P over that one |
|
bclbob join:2000-06-23 Oak Park, IL |
bclbob
Member
2014-Apr-16 4:23 pm
I thought the ESW was a "switch on a board" with uplinks via the backplane. Its in a 3845 ... how do I start diagnosing the bottleneck? the 3845 is supposed to have 256Mbit capacity with CEF. |
|
TomS_Git-r-done MVM join:2002-07-19 London, UK |
TomS_
MVM
2014-Apr-16 6:51 pm
To switch between the ports on the module should happen on-board the module itself. It would be entirely idiotic to forward L2 traffic to the processor for switching.
However, to route between SVIs and other ports on the router at L3 will require packets to be forwarded off the module and towards the processor, and thats likely going to introduce a bottleneck.
What is the internal connectivity between an NM slot and the processor? Probably something like 100mbit. Best way to find out would be to run a throughput test between a port on the switch routing to an onboard port. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to bclbob
I've never used a ESW myself but from reading and having several ES's the ES 's run their own IOS and are L3 switches.
also when an ES is plugged in the internal router to ES link comes up as 1gbit (IE so my NME-16ES-1G-P's show up as 16FE and 2GE switches)
an ESW might be a switch on a board but is a L2 switch not a L3. |
|
|
to bclbob
With the ESW plugged in, do you have a "gi 1/0" interface in your 3845? |
|
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
said by DaSneaky1D:With the ESW plugged in, do you have a "gi 1/0" interface in your 3845? from my reading all 38 ports would show on his router |
|
bclbob join:2000-06-23 Oak Park, IL ·Verizon FiOS
|
bclbob
Member
2014-Apr-16 10:15 pm
I have gi2/0 and gi2/1 showing on the ESW. I have my computer on gi2/1. I noticed that I can only download 80Mbit from the internet on comcasts 105Mbit service. If I plugged in to the modem direct I get about 120.
So I tested downloading from the server thats actually on gi2/0 and its roughly the same 80Mbit, so that made me suspect the performance of the ESW vs routing/NAT performace of the 3845.
The 3845 is rated to 250Mbit, I'd be disappointed if I could only pass 80 through it. But I think the intra ESW performance suggests its the ESW and was trying to find any spec on it to prove my theory... |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
DarkLogix
Premium Member
2014-Apr-16 10:20 pm
are ports gi2/0 and 2/1 on the same vlan?
the 3845 has 2 onboard gig ports have you tried connecting your computer to one of them (IE with proper config) and seeing then doing a test download? |
|
|
to DarkLogix
Yeah, that's what I was thinking, too. I just wanted to know what bclbob was seeing. |
|
DaSneaky1D |
to bclbob
getting 105mbps+ through that router shouldn't be an issue in the least. Can you post an example of your interfaces and NAT config? I'd suspect something else is causing the performance difference. |
|
bclbob join:2000-06-23 Oak Park, IL ·Verizon FiOS
|
to DarkLogix
yes they are
#show run int gi2/0 Building configuration...
Current configuration : 78 bytes ! interface GigabitEthernet2/0 switchport access vlan 10 no ip address end
#show run int gi2/1 Building configuration...
Current configuration : 78 bytes ! interface GigabitEthernet2/1 switchport access vlan 10 no ip address end
and as for your second question, no I haven't since I need to figure out all the config to route it (I assume I cant put gi0/1 in the vlan 10 and it will work) |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
DarkLogix
Premium Member
2014-Apr-16 10:35 pm
No you can't put the onboard gig interfaces in vlans IMO do something like the following (plus nat to cover it)
int gi 0/1 ip address 10.255.255.1 255.255.255.248 ip nat inside no shut end
you should have a default gateway setup and this would be a directly connected network so I could be wrong but I don't think you'd have to add a route statement for 10.255.255.0 /30
but you would need to add 10.255.255.2 to be allowed by nat
then on your computer set its interface to IP= 10.255.255.2 Mask= 255.255.255.248 Gateway= 10.255.255.1 DNS= 4.2.2.2
it'd be a fairly basic config just for testing (and I picked 10.255.255.x as I'm guessing you might not be using that range as most people start lower)
think of vlan interfaces and router interfaces the same you can't put "interface vlan 10" in a vlan its automatically part of its vlan a router's onboard interface is a router interface just isn't related to vlans
the interfaces of your ESW are L2 switch interfaces which makes them a little different from router interfaces (one of the reasons I opted for ES over ESW I don't care to have switch interfaces as part of my router config.) |
|
bclbob join:2000-06-23 Oak Park, IL ·Verizon FiOS
|
bclbob
Member
2014-Apr-16 10:43 pm
Here's a santized config.
comcast 105Mbit modem on gi0/0 comcast 50Mbit modem on fa4/0
ESW is in slot 2
vlan10 is the interal network where all my good stuff runs, I got nervous about that and have vlan20 as a guest vlan.
! Last configuration change at 02:23:30 UTC Thu Apr 17 2014 by ops ! NVRAM config last updated at 02:23:30 UTC Thu Apr 17 2014 by ops ! NVRAM config last updated at 02:23:30 UTC Thu Apr 17 2014 by ops version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service internal ! hostname blackfriars ! boot-start-marker boot system flash:c3845-adventerprisek9-mz.151-4.M8.bin boot-end-marker ! ! enable secret 4 dfsfd ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ! no network-clock-participate slot 4 ! crypto pki token default removal timeout 0 ! ! dot11 syslog ! flow monitor FLOW-MONITOR-1 record netflow ipv4 original-input ! no ip source-route no ip gratuitous-arps ! ip cef ! ! parameter-map type inspect global log dropped-packets enable
parameter-map type ooo global tcp reassembly queue length 1024 ! ! ! class-map type inspect match-any pub-self-traffic description Support for managing the firewall router (see CSCsq44101) match access-group name pub-self-traffic class-map type inspect match-any self-pub-traffic description Support for managing the firewall router (see CSCsq44101) match access-group name self-pub-traffic class-map type inspect match-any priv-pub-traffic match protocol http match protocol https match protocol ftp match protocol ntp match protocol ssh match protocol dns match protocol echo match protocol pptp match protocol sip match protocol tcp match protocol icmp match protocol udp class-map type inspect match-any pub-priv-traffic match access-group name acl-minecraft-pe class-map type inspect match-any self-pub-traffic-pass match access-group name self-pub-traffic-pass class-map type inspect match-any pub-self-traffic-pass match access-group name pub-self-traffic-pass class-map type inspect match-any visitor-pub-traffic match protocol http match protocol https match protocol ftp match protocol ntp match protocol ssh match protocol dns match protocol echo match protocol pptp match protocol tcp match protocol icmp match protocol udp ! ! policy-map type inspect visitor-pub-policy class type inspect visitor-pub-traffic inspect class class-default drop policy-map type inspect pub-visitor-policy class class-default drop log policy-map type inspect priv-pub-policy class type inspect priv-pub-traffic inspect class class-default drop log policy-map type inspect pub-priv-policy class type inspect pub-priv-traffic inspect class class-default drop log policy-map type inspect pub-self-policy class type inspect pub-self-traffic-pass pass class type inspect pub-self-traffic inspect class class-default drop log policy-map type inspect self-pub-policy class type inspect self-pub-traffic-pass pass class type inspect self-pub-traffic inspect class class-default drop log ! zone security public zone security private zone security visitor zone-pair security priv-pub source private destination public service-policy type inspect priv-pub-policy zone-pair security pub-priv source public destination private service-policy type inspect pub-priv-policy zone-pair security pub-self source public destination self service-policy type inspect pub-self-policy zone-pair security self-pub source self destination public service-policy type inspect self-pub-policy zone-pair security visitor-pub source visitor destination public service-policy type inspect visitor-pub-policy zone-pair security pub-vistior source public destination visitor service-policy type inspect pub-visitor-policy ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 bandwidth 20480 bandwidth receive 107520 ip address 172.31.88.2 255.255.255.0 ip flow monitor FLOW-MONITOR-1 input ip flow monitor FLOW-MONITOR-1 output ip flow ingress ip flow egress ip nat outside ip virtual-reassembly in zone-member security public duplex full speed 1000 media-type rj45 ! interface GigabitEthernet0/1 shutdown duplex auto speed auto media-type rj45 ! interface FastEthernet2/0 switchport access vlan 10 no ip address ! interface FastEthernet2/1 switchport access vlan 10 no ip address shutdown ! interface FastEthernet2/2 switchport access vlan 10 no ip address ! interface FastEthernet2/3 switchport access vlan 10 no ip address ! interface FastEthernet2/4 description Uplink to hendon, basement AP switchport trunk native vlan 10 switchport trunk allowed vlan 1,2,10,20,1002-1005 switchport mode trunk no ip address ! interface FastEthernet2/5 switchport access vlan 10 no ip address ! interface FastEthernet2/6 switchport access vlan 10 no ip address ! interface FastEthernet2/7 switchport access vlan 10 no ip address ! interface FastEthernet2/8 switchport access vlan 10 no ip address ! interface FastEthernet2/9 switchport access vlan 10 no ip address ! interface FastEthernet2/10 switchport access vlan 10 no ip address ! interface FastEthernet2/11 switchport access vlan 10 no ip address ! interface FastEthernet2/12 switchport access vlan 10 no ip address ! interface FastEthernet2/13 switchport access vlan 10 no ip address ! interface FastEthernet2/14 switchport access vlan 10 no ip address ! interface FastEthernet2/15 switchport access vlan 10 no ip address ! interface FastEthernet2/16 switchport access vlan 10 no ip address ! interface FastEthernet2/17 switchport access vlan 10 no ip address ! interface FastEthernet2/18 description Uplink to cricklewood, attic AP switchport trunk native vlan 10 switchport mode trunk no ip address ! interface FastEthernet2/19 switchport access vlan 10 no ip address ! interface FastEthernet2/20 switchport access vlan 10 no ip address ! interface FastEthernet2/21 switchport access vlan 10 no ip address ! interface FastEthernet2/22 switchport access vlan 10 no ip address ! interface FastEthernet2/23 switchport access vlan 10 no ip address ! interface FastEthernet2/24 switchport access vlan 10 no ip address ! interface FastEthernet2/25 switchport access vlan 10 no ip address ! interface FastEthernet2/26 switchport access vlan 10 no ip address ! interface FastEthernet2/27 switchport access vlan 10 no ip address ! interface FastEthernet2/28 switchport access vlan 10 no ip address ! interface FastEthernet2/29 switchport access vlan 10 no ip address ! interface FastEthernet2/30 switchport access vlan 10 no ip address ! interface FastEthernet2/31 switchport access vlan 10 no ip address ! interface FastEthernet2/32 switchport access vlan 10 no ip address ! interface FastEthernet2/33 switchport access vlan 10 no ip address ! interface FastEthernet2/34 switchport access vlan 10 no ip address ! interface FastEthernet2/35 switchport access vlan 10 no ip address ! interface GigabitEthernet2/0 switchport access vlan 10 no ip address ! interface GigabitEthernet2/1 switchport access vlan 10 no ip address ! interface FastEthernet4/0 bandwidth 10240 bandwidth receive 51200 ip address 173.9.232.236 255.255.255.248 ip flow monitor FLOW-MONITOR-1 input ip flow monitor FLOW-MONITOR-1 output ip flow ingress ip flow egress ip nat outside ip virtual-reassembly in zone-member security public duplex auto speed auto ! interface FastEthernet4/1 no ip address shutdown duplex auto speed auto ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address 172.31.90.166 255.255.255.0 secondary ip address 172.31.90.164 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security private ! interface Vlan20 ip address 172.31.89.1 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security visitor ! ! ip flow-top-talkers top 20 sort-by bytes match destination address 0.0.0.0 0.0.0.0 ! ip nat inside source route-map NAT-FA4-0-TRAFFIC interface FastEthernet4/0 overload oer ip nat inside source route-map NAT-GI0-0-TRAFFIC interface GigabitEthernet0/0 overload oer ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 172.31.88.1 10 tag 24 ip route 0.0.0.0 0.0.0.0 FastEthernet4/0 173.9.232.238 20 tag 173 ip route 38.106.173.189 255.255.255.255 GigabitEthernet0/0 172.31.88.1 ip route 68.86.116.1 255.255.255.255 GigabitEthernet0/0 172.31.88.1 permanent ip route 68.86.116.1 255.255.255.255 FastEthernet4/0 173.9.232.238 permanent ip route 208.100.39.0 255.255.255.0 FastEthernet4/0 173.9.232.238 ip route 216.64.199.192 255.255.255.224 FastEthernet4/0 173.9.232.238 ip route 216.118.206.9 255.255.255.255 FastEthernet4/0 173.9.232.238 ! ip access-list extended NAT-ACL permit ip 172.31.90.0 0.0.0.255 any permit ip 172.31.89.0 0.0.0.255 any deny ip any any ip access-list extended pub-self-traffic permit udp any any eq ntp permit udp any any eq domain permit icmp any any ip access-list extended pub-self-traffic-pass permit esp any any permit ahp any any permit gre any any ip access-list extended self-pub-traffic permit ip any any ip access-list extended self-pub-traffic-pass permit esp any any permit ahp any any permit gre any any ! ip sla 24 icmp-echo 68.86.116.1 frequency 10 ip sla schedule 24 life forever start-time now ip sla 173 icmp-echo 68.86.116.1 source-interface GigabitEthernet0/1 frequency 10 ip sla schedule 173 life forever start-time now logging history size 500 access-list 100 permit udp any any eq 19132 ! ! ! ! ! ! ! ! ! ! ! ! route-map NAT-GI0-0-TRAFFIC permit 10 match ip address NAT-ACL match interface GigabitEthernet0/0 ! route-map NAT-FA4-0-TRAFFIC permit 10 match ip address NAT-ACL match interface FastEthernet4/0 ! ! ! ! ! line con 0 speed 19200 line aux 0 line vty 0 4 exec-timeout 0 0 transport preferred none transport input ssh ! scheduler allocate 20000 1000 ntp server 64.73.32.134 ntp server 204.235.61.9 ntp server 172.31.90.10 ntp server 216.129.110.22 end
|
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX 2 edits |
DarkLogix
Premium Member
2014-Apr-16 10:50 pm
Lots of QOS and stuff to look though (scratch the other stuff I said I over looked 172) |
|
bclbob join:2000-06-23 Oak Park, IL |
bclbob
Member
2014-Apr-16 10:55 pm
Yea... its a private address space on the LAN side for the comcast modem (since i have 2 for now), i config'd one of them to use a LAN on 172.31.88.0/24 wwith the modem on .1 and the router on .2 |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
DarkLogix
Premium Member
2014-Apr-16 10:56 pm
/facepalm @ self over looked 172, was assuming you were using statics and didn't even think about looking at the left of the IP. Sorry |
|
1 edit |
to bclbob
** Removing this post... It didn't take into account the specified config ** |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to bclbob
ok well are you planning to use statics on the SMC side? if not then I'd ditch the SMC as you're double natting. |
|
bclbob join:2000-06-23 Oak Park, IL ·Verizon FiOS
|
bclbob
Member
2014-Apr-16 11:05 pm
not sure what you mean
gi0/0 connected to comcast, provided as a single dynamic IP address, hence the addresses you see are the addresses the modem will NAT after the Cisco has NAT'd it. not ideal I know - waiting for Comcast to get going on that issue. Comcast 105/20 service (actually business IPV6 trial)
fa4/0 connected to comcast, with a /29 static block, so only the Cisco is NAT'ing vlan10/20. This is my regular Comcast business class service (50/10)
most of fa2/0-35 and gi2/0-2/1 are on vlan10. a couple of the ports are trunked to cisco wireless access points broadcasting vlan10 (private) and vlan20 (visitor).
hope that makes some sense - i know there will be double nat but i'd like to use the faster 105 service, which i can but only about 80mbit via the cisco right now |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
DarkLogix
Premium Member
2014-Apr-16 11:08 pm
Well if the gig link isn't going to take over and have statics I'd just get a SB6141 and stop the double nat. (the SMC's (or the netgear if that's what you have) are not good at nat. |
|
bclbob join:2000-06-23 Oak Park, IL |
to DarkLogix
everybody uses 10.0.0.0/8 and 172.16.0.0/24 ... I've never collided with anyone with my private network choices! |
|
bclbob |
to DarkLogix
Its a trial, they give me what they give me ... still trying to understand tho if l2 switching of 80mbit between gi2/0 & 2/1 is an issue, should be l2 switching on the esw? its also coincidental that it matches my internet speed closely! |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to bclbob
said by bclbob:everybody uses 10.0.0.0/8 and 172.16.0.0/24 ... I've never collided with anyone with my private network choices! Ya not saying you would just that double nat is very very bad and the Comcast gateways are not good (they're acceptable but only when used with statics) |
|
DarkLogix |
to bclbob
said by bclbob:Its a trial, they give me what they give me ... still trying to understand tho if l2 switching of 80mbit between gi2/0 & 2/1 is an issue, should be l2 switching on the esw? its also coincidental that it matches my internet speed closely! Ya the ESW should be doing the L2 switching |
|
bclbob join:2000-06-23 Oak Park, IL |
bclbob
Member
2014-Apr-16 11:13 pm
ok time for bed, i'll set up gi0/1 and see if i can prove it that way tomorrow |
|
TomS_Git-r-done MVM join:2002-07-19 London, UK |
TomS_
MVM
2014-Apr-17 5:22 am
These routers are software based, so everything you turn on impacts your throughput.
Start with the most basic config you can use to get it working, then start building it up until you hit the point where throughput dives. Then you know what is causing the problem and can decide whether you can live without that functionality, or live with the performance hit.
In addition to this, have you checked the operational status of the interfaces to make sure there are no duplex mismatches and/or that everything is operating at the duplex you expect?
Also try multiple simultaneous downloads. Having a 100mbit pipe doesnt automatically guarantee a single 100mbit flow. High bandwidth is more about doing more things quickly, than doing a single thing superquick. IMO. |
|
bclbob join:2000-06-23 Oak Park, IL ·Verizon FiOS
|
to DarkLogix
Ok brought my machine up on the other onboard gigabit ethernet port and did a basic config: » www.speedtest.net/my-res ··· 45215366so that means its the performance of the ESW .... |
|
|
to bclbob
Does this datasheet help at all, OP? Cisco EtherSwitch Module Summary
- NM-16ESW: One 16-port 10/100 EtherSwitch Network Module
- NM-16ESW-PWR1: One 16-port 10/100 EtherSwitch NM with Cisco pre-standard PoE support
- NM-16ESW-1GIG: One 16-port 10/100 EtherSwitch NM with 1 GE (1000BaseT) port
- NM-16ESW-PWR-1GIG2: One 16-port 10/100 EtherSwitch NM with Cisco pre-standard PoE and GE
- NMD-36-ESW: One 36-port 10/100 EtherSwitch High Density Service Module
- NMD-36-ESW-PWR2: One 36-port 10/100 EtherSwitch HDSM with Cisco pre-standard PoE
- NMD-36-ESW-2GIG: One 36-port 10/100 EtherSwitch HDSM with 2 GE (1000BaseT)
- NMD-36-ESW-PWR-2G3: One 36-port 10/100 EtherSwitch HDSM + Cisco pre-standard PoE and 2GE
Options
- PPWR-PS-CHASSIS: One power supply chassis for Cisco 48V (360W) power supply
- PWR-CHASSIS-360W: One power supply chassis and 48V power supply for EtherSwitch
- PPWR-PS-360W: One 48V (360W) power supply for EtherSwitch Modules
- PPWR-DCARD-16ESW: One Cisco pre-standard PoE daughtercard for 16 port EtherSwitch NM
- PPWR-DCARD-36ESW: One Cisco pre-standard PoE daughtercard for 36 port EtherSwitch HDSM
- GE-DCARD-ESW: One GE (1000BaseT) daughtercard for EtherSwitch Modules
So based on the above and your own statement here OP said by bclbob:I have gi2/0 and gi2/1 showing on the ESW. I have my computer on gi2/1. I noticed that I can only download 80Mbit from the internet on comcasts 105Mbit service. If I plugged in to the modem direct I get about 120. Guessing you have the NMD-36-ESW-2GIG then? Please share the output of "show inventory" to confirm. So given your config and this said by bclbob:comcast 105Mbit modem on gi0/0 comcast 50Mbit modem on fa4/0
ESW is in slot 2
vlan10 is the interal network where all my good stuff runs, I got nervous about that and have vlan20 as a guest vlan. First off, _IF_ the upstream device on Gi0/0 is already nat'ing, no need to set up ANOTHER set of NAT's on the 38xx; it's pretty pointless and just sucks up CPU cycles. I also agree with TomS_ 's suggestion of backing up your config, then stripping it down to only two seperate IP networks between Gi0/0 and wherever you connect your PC and loadtesting with IPERF or similar -- not sure how you're testing speeds, but PC/GigE NIC to PC/GigE NIC thru the 38xx with IPERF will at least minimize the variables. My 00000010bits Regards |
|