IPSLA-ICMP Jitter-Packet loss count

Similar Messages

• Non-Immersive Endpoints Call Statistics Reports - jitter, packet loss

  Hi,
  We are trying to have reports from calls of Non-Immersive Endpoints. We need to have info about jitter and packet loss.
  I know it is saved in the logs in file called call_history.txt and available via Web interface under "Diagnostics - Call History".
  Issue is how to collect/download such data from Non-Immersive Endpoint automatically. I am not talking about download logs, extract the files, go to specific folder and open specific file. 
  We have such reports for Immersive Endpoints because Call Statistics are included in MIB.
  Any idea/experience to collect such data from Non-Immersive Systems?
  Many thanks,
  Josef

  @Raju_raju
  Many thanks for this - its what I expected but its still disappointing to hear. I think Microsoft are missing a trick here, even WebRTC (in Chrome at least) and most other conferencing applications have call statistics built in.
  The lack of true real time monitoring in Lync out of the box worries me somewhat. I know that there might be third party options, including Microsoft's own SCOM (which of course, not everybody uses), but I would like to see some real time monitoring of this
  real time system as part of its native functionality. True stats available at the client would still be a great help - even if it meant a ALT+Click type procedure.
  I need to dig deeper into the normal Lync monitoring options but I'm used to environments where we can analyse each "video hop" as often, there are specific network segments that cause glitches. For instance, in a call where media is routed via
  an edge, I would liek to see the stats on the leg from the client to the edge then from the edge to the FEP or Director etc.
  Thanks for the heads up on the Snooper documentation. I have read this page previously but will re-visit, yet this is somewhat over kill for some basic real time statistical output.
  @Eric - Great table. I must say I have never come across this and it certainly has useful stuff. I can almost understand why Microsoft shows the simplistic feedback by default, but for an advanced user or engineer having to look up the dumbed down feedback
  against such a table is simply a waste of time. The actually stats (including both percentage and raw packet loss data) is eminently more useful and immediate.
  Microsoft - are you listening?
  Chris

• WIFI Packet Loss/Jitter MacBook Air 11 & LION OSX 10.7.1

  I started using computers more than 30 years ago when I was 5, I had my first IBM PC at the age of 10 and have never had any interest in paying over the odds for an Apple mac mainly because I saw the Mac as a kind of "Can't open nothing", one mouse buttoned retard of the computer world.
  That is, until now.
  I set up an online business 3 years ago and rented a dedicated server and set the whole business up in a cloud, so to speak. Having done that, all I needed a laptop for was a remote desktop connection and to run a SIP phone (Internet phone).
  My PC based laptops had almost nothing installed on them, and I wasn't using software on the laptop itself, I was using remote desktop, so - why not try a MAC? The new Macbook Air 11 is small, light and made of metal and glass so should be robust enough to travel with me.
  I have to say, this was the worst move I've ever made.
  I opened the new shiny macbook and the first thing I noticed was that the internet seemed hit and miss. Moving around the room I managed to find a spot whereby pages woud load quickly. Strange, my £200 acer laptop was sh.t fast everywhere in the house. No matter, I packed it back away and carried on working on the Windows machine.
  I've come to Newquay this week, and i've started to try and use the Macbook again in a hotel. The wireless signal in the room is low, and speedtest shows about 1 meg down and 3/4 meg up. That may sound bad to you, but remote desktop uses about 5k/sec (modem dial up speed) and the softphone, well, my Asterisk VOIP setup is confugured to use the GSM codec so that's 8k/sec each way + overheads.
  This whole setup was deliberately designed to be "thin" so I can travel with ease and work on bad connections like USB internet sticks.
  Anyhow, the Macbook was unable to hold a stable connection to the remote desktop or SIP phone, even though the speed test showed a whopping 1 meg up and down. What you may not be aware of is that there is more to a connection than the speed, there is the quality as well. How many packets are lost / how much "jitter" is on the line.
  Anyhow, we're not living in the 3rd world, I ran a PINGTEST and it showed a small amount of jitter but told me the line was class B, online games may suffer but voip should be fine.
  I unpacked the Acer, placed it in exactly the same spot as the Apple had sat in and it worked beautifully with 1 bar of wireless signal, all day long. Phone calls were clear.
  So you know now what I'm thinking. I'm sitting here with my £200 acer because I can't use the £1500 macbook air 11. I paid nearly sixteen hundred pounds for this piece of .... and it doesn't ...... work. Time to contact Apple support.
  2nd Mistake!
  Representitive 1: - Told me that I can't compare the Macbook Air to the Acer, the Acer has Google Chrome and everybody knows Google Chrome is the fastest browser. I was told there was nothing more he could do, its probably a bad line at the hotel. When I explained the Acer works fine for voip I was told well, maybe it is getting a better signal. I explained the Acer has the cheapest possible parts inside it and paid 1500 for this macbook, expecting it to have quality parts inside and was told I'd paid for the size, because its so small but its not considered "powerful". Apple do you train your staff? Clearly not.
  Thank god I wasn't paying to talk to this moron.
  Representitive 2: - Had no idea what packet loss or Jitter was, got me to do a speedtest and said that looks fine. Then he got me to remove the WIFI adapter and re add it in the network settings.
  Guess what, nothing changed, its still the same hardware and software.
  Representitive 3: - Still not really understanding "quality" issues with the networking interface, I was asked to install the latest Java client. I did it, only because I wanted to comply with Apples wishes so they'd help me, but they weren't helping and Java has nothing to do with the network adapter, so that was useless advice too.
  Apple seem to have no idea there is a problem, even though Google has pages and pages of people saying the same as me, and their own discussion forums have thousands of people complaining https://discussions.apple.com/thread/2664670?start=0&tstart=0
  Finally, late yesterday whilst speaking to d.ck head number 3 at Apple support, we found a forum post talking about a fix, 10.7.1 update. I told d. head number 3 about the update and he suggested I applied it. So I did and everything looked great, for a whole evening.
  This morning, I switched on again and the same thing, slow remote desktop, choppy unusable phone. Remember the phone needs less than 20k for a conversation, thats 0.2 meg. Speedtest again showing a whole meg both ways.
  I called apple support again, this time being a little forceful, and I've asked for this to be escalated, but the bottom line is - they have no fix, they don't aknowledge this as a problem and I was told LION is new, so maybe it's got a bug..
  I told the guy on the phone this is a network driver issue, the intermittency of the problem shows that and the Apple's lack of settings for the network adapter means the unit is autonegotiating with the router and choosing speed and duplex settings on its own. Sometimes it does that correctly, other times not and the connection although fast has a lot of noise / packet loss / corruption.
  I've found a workaround, you put the unit to sleep and wake it up again and it runs fast until the next shutdown. Not really acceptable seeing as I was paying for "the cream of the crop".
  I will definately not be recommending Apple products, and i'll certainly not be replacing the Windows laptops in my business with Apple's toytown system- i'd go out of business if I had to rely on this.
  All there is left now, is to look at Boot camp and see if I can wipe this waste of space linux hack from the unit and install Windows 7.

  I started using computers more than 30 years ago when I was 5, I had my first IBM PC at the age of 10 and have never had any interest in paying over the odds for an Apple mac mainly because I saw the Mac as a kind of "Can't open nothing", one mouse buttoned retard of the computer world.
  That is, until now.
  I set up an online business 3 years ago and rented a dedicated server and set the whole business up in a cloud, so to speak. Having done that, all I needed a laptop for was a remote desktop connection and to run a SIP phone (Internet phone).
  My PC based laptops had almost nothing installed on them, and I wasn't using software on the laptop itself, I was using remote desktop, so - why not try a MAC? The new Macbook Air 11 is small, light and made of metal and glass so should be robust enough to travel with me.
  I have to say, this was the worst move I've ever made.
  I opened the new shiny macbook and the first thing I noticed was that the internet seemed hit and miss. Moving around the room I managed to find a spot whereby pages woud load quickly. Strange, my £200 acer laptop was sh.t fast everywhere in the house. No matter, I packed it back away and carried on working on the Windows machine.
  I've come to Newquay this week, and i've started to try and use the Macbook again in a hotel. The wireless signal in the room is low, and speedtest shows about 1 meg down and 3/4 meg up. That may sound bad to you, but remote desktop uses about 5k/sec (modem dial up speed) and the softphone, well, my Asterisk VOIP setup is confugured to use the GSM codec so that's 8k/sec each way + overheads.
  This whole setup was deliberately designed to be "thin" so I can travel with ease and work on bad connections like USB internet sticks.
  Anyhow, the Macbook was unable to hold a stable connection to the remote desktop or SIP phone, even though the speed test showed a whopping 1 meg up and down. What you may not be aware of is that there is more to a connection than the speed, there is the quality as well. How many packets are lost / how much "jitter" is on the line.
  Anyhow, we're not living in the 3rd world, I ran a PINGTEST and it showed a small amount of jitter but told me the line was class B, online games may suffer but voip should be fine.
  I unpacked the Acer, placed it in exactly the same spot as the Apple had sat in and it worked beautifully with 1 bar of wireless signal, all day long. Phone calls were clear.
  So you know now what I'm thinking. I'm sitting here with my £200 acer because I can't use the £1500 macbook air 11. I paid nearly sixteen hundred pounds for this piece of .... and it doesn't ...... work. Time to contact Apple support.
  2nd Mistake!
  Representitive 1: - Told me that I can't compare the Macbook Air to the Acer, the Acer has Google Chrome and everybody knows Google Chrome is the fastest browser. I was told there was nothing more he could do, its probably a bad line at the hotel. When I explained the Acer works fine for voip I was told well, maybe it is getting a better signal. I explained the Acer has the cheapest possible parts inside it and paid 1500 for this macbook, expecting it to have quality parts inside and was told I'd paid for the size, because its so small but its not considered "powerful". Apple do you train your staff? Clearly not.
  Thank god I wasn't paying to talk to this moron.
  Representitive 2: - Had no idea what packet loss or Jitter was, got me to do a speedtest and said that looks fine. Then he got me to remove the WIFI adapter and re add it in the network settings.
  Guess what, nothing changed, its still the same hardware and software.
  Representitive 3: - Still not really understanding "quality" issues with the networking interface, I was asked to install the latest Java client. I did it, only because I wanted to comply with Apples wishes so they'd help me, but they weren't helping and Java has nothing to do with the network adapter, so that was useless advice too.
  Apple seem to have no idea there is a problem, even though Google has pages and pages of people saying the same as me, and their own discussion forums have thousands of people complaining https://discussions.apple.com/thread/2664670?start=0&tstart=0
  Finally, late yesterday whilst speaking to d.ck head number 3 at Apple support, we found a forum post talking about a fix, 10.7.1 update. I told d. head number 3 about the update and he suggested I applied it. So I did and everything looked great, for a whole evening.
  This morning, I switched on again and the same thing, slow remote desktop, choppy unusable phone. Remember the phone needs less than 20k for a conversation, thats 0.2 meg. Speedtest again showing a whole meg both ways.
  I called apple support again, this time being a little forceful, and I've asked for this to be escalated, but the bottom line is - they have no fix, they don't aknowledge this as a problem and I was told LION is new, so maybe it's got a bug..
  I told the guy on the phone this is a network driver issue, the intermittency of the problem shows that and the Apple's lack of settings for the network adapter means the unit is autonegotiating with the router and choosing speed and duplex settings on its own. Sometimes it does that correctly, other times not and the connection although fast has a lot of noise / packet loss / corruption.
  I've found a workaround, you put the unit to sleep and wake it up again and it runs fast until the next shutdown. Not really acceptable seeing as I was paying for "the cream of the crop".
  I will definately not be recommending Apple products, and i'll certainly not be replacing the Windows laptops in my business with Apple's toytown system- i'd go out of business if I had to rely on this.
  All there is left now, is to look at Boot camp and see if I can wipe this waste of space linux hack from the unit and install Windows 7.

• VoIP Phones - Testing Latency, Jitter, and Packet Loss

  I am having big problems with my VoIP phone connection and I'll try to lay it out clearly here.
  The main telephone system resides at Location A (static IP address - see below - xxx.xxx.206.19), which has a network connection of 50MB down/20MB up (i.e., very fast).  The VoIP phone configured for that system resides at Location B, which has a network connection of 10MB down/1MB up (i.e., also fast, or at least fast enough "on paper" for a quality VoIP connection).  The LAN at Location A uses an Airport Extreme router, which does not have QOS or EF capability. The LAN at Location B uses a D-Link DIR-655 router which does have QOS that is configured properly to direct all traffic to the VoIP phone's IP address.
  The VoIP phone at Location B is having intermittent call quality problems with skipping of words, hollowing out noises, jittery conversations, etc.  All the inquiries I've made to the ISPs and phone system manufacturer (ESI) suggest that my base Internet speeds are not the problem.
  I'm told, instead, that the problem might be latency, jitter, or packet loss between Location A and Location B.  This leads to several questions:
  (1)     Is there any Mac software that can test latency, jitter, and packet loss? I've looked at Network Utility and it seems to only measure a few things. 
  (2)     Does anyone see anything in the following Traceroute and Ping results (done twice from Location B to Location A) that looks problematic to VoIP quality?:
  Traceroute:
  First run: Traceroute has started…
  traceroute to xxx.xxx.206.19 (xxx.xxx.206.19), 64 hops max, 72 byte packets
  1  alfirving (192.168.0.1)  0.569 ms  0.363 ms  0.302 ms
  2  10.72.28.1 (10.72.28.1)  27.567 ms 18.161 ms  22.288 ms
  3  70.125.216.150 (70.125.216.150)  9.841 ms  10.346 ms  9.497 ms
  4  24.164.209.116 (24.164.209.116)  11.042 ms 8.298 ms  9.433 ms
  5  70.125.216.108 (70.125.216.108)  21.068 ms  20.657 ms  12.045 ms
  6  te0-8-0-2.dllatxl3-cr01.texas.rr.com (72.179.205.48)  11.154 ms  11.540 ms  24.495 ms
  7  107.14.17.136 (107.14.17.136)  11.994 ms  14.217 ms  15.816 ms
  8  ae-3-0.pr0.dfw10.tbone.rr.com (66.109.6.209) 14.566 ms  32.670 ms  15.947 ms
  9  ix-0-3-2-0.tcore2.dt8-dallas.as6453.net (209.58.47.105)  11.647 ms  12.260 ms  12.386 ms
  10  if-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 10.023 ms  12.285 ms  12.338 ms
  11  209.58.47.74 (209.58.47.74)  17.641 ms 16.741 ms  16.372 ms
  12  0.ae2.xl3.dfw7.alter.net (152.63.97.57)  11.584 ms  12.315 ms  12.890 ms
  13  0.so-6-1-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.90)  13.812 ms
      0.ge-3-0-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.17)  18.831 ms
      130.81.23.164 (130.81.23.164)  14.189 ms
  14  p14-0-0.dllstx-lcr-05.verizon-gni.net (130.81.27.40) 14.561 ms  13.621 ms  15.544 ms
  15  * * *
  16  static-xxx.xxx.206.19.dllstx.fios.verizon.net (xxx.xxx.206.19)  23.125 ms  24.136 ms  22.411 ms
  Second run: Traceroute has started…
  traceroute to xxx.xxx.206.19 (xxx.xxx.206.19), 64 hops max, 72 byte packets
  1  alfirving (192.168.0.1)  0.603 ms  0.420 ms  0.324 ms
  2  10.72.28.1 (10.72.28.1)  40.494 ms 26.625 ms  14.152 ms
  3  70.125.216.150 (70.125.216.150)  9.431 ms  9.660 ms  9.018 ms
  4  24.164.209.116 (24.164.209.116)  16.293 ms  12.339 ms  19.252 ms
  5  70.125.216.108 (70.125.216.108)  15.801 ms  11.438 ms  12.068 ms
  6  te0-8-0-2.dllatxl3-cr01.texas.rr.com (72.179.205.48)  23.221 ms  30.459 ms  17.519 ms
  7  107.14.17.136 (107.14.17.136)  14.611 ms  15.696 ms  15.775 ms
  8  ae-3-0.pr0.dfw10.tbone.rr.com (66.109.6.209) 17.643 ms  14.812 ms  16.294 ms
  9  ix-0-3-2-0.tcore2.dt8-dallas.as6453.net (209.58.47.105)  11.169 ms  12.374 ms  9.849 ms
  10  if-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 16.453 ms  12.168 ms  12.384 ms
  11  209.58.47.74 (209.58.47.74)  18.015 ms 14.867 ms  16.432 ms
  12  0.ae2.xl3.dfw7.alter.net (152.63.97.57)  11.471 ms  11.993 ms  12.395 ms
  13  0.ge-6-3-0.dfw01-bb-rtr1.verizon-gni.net (152.63.96.42)  14.077 ms  29.153 ms
      0.ge-3-0-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.17) 17.962 ms
  14  p14-0-0.dllstx-lcr-05.verizon-gni.net (130.81.27.40)  14.629 ms  12.297 ms  12.839 ms
  15  * * *
  16  static-xxx.xxx.206.19.dllstx.fios.verizon.net (xxx.xxx.206.19)  24.976 ms  22.170 ms  22.376 ms
  Ping:
  First Run: Ping has started…
  PING xxx.xxx.206.19 (xxx.xxx.206.19): 56 data bytes
  64 bytes from xxx.xxx.206.19: icmp_seq=0 ttl=242 time=22.814 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=1 ttl=242 time=24.621 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=2 ttl=242 time=24.711 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=3 ttl=242 time=24.109 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=4 ttl=242 time=23.336 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=5 ttl=242 time=25.644 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=6 ttl=242 time=27.755 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=7 ttl=242 time=25.135 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=8 ttl=242 time=22.443 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=9 ttl=242 time=24.635 ms
  --- xxx.xxx.206.19 ping statistics ---
  10 packets transmitted, 10 packets received, 0.0% packet loss
  round-trip min/avg/max/stddev = 22.443/24.520/27.755/1.448 ms
  Second Run: Ping has started…
  PING xxx.xxx.206.19 (xxx.xxx.206.19): 56 data bytes
  64 bytes from xxx.xxx.206.19: icmp_seq=0 ttl=242 time=27.183 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=1 ttl=242 time=24.629 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=2 ttl=242 time=22.511 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=3 ttl=242 time=39.620 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=4 ttl=242 time=26.722 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=5 ttl=242 time=23.183 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=6 ttl=242 time=25.171 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=7 ttl=242 time=24.412 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=8 ttl=242 time=23.837 ms
  64 bytes from xxx.xxx.206.19: icmp_seq=9 ttl=242 time=23.785 ms
  --- xxx.xxx.206.19 ping statistics ---
  10 packets transmitted, 10 packets received, 0.0% packet loss
  round-trip min/avg/max/stddev = 22.511/26.105/39.620/4.713 ms
  (3) Any other ideas on what my call quality problem might be, or how I can tweak it?  For example, would putting a DIR-655 router at Location A and enabling QOS really make a difference?
  Thanks to everyone, and I hope this is not too long or difficult to understand.

  Hey thanks for your reply  Yeah im only getting 1 ro sometimes 2 bars reception so hopefully the antenna will beef things up but I think it is what it is perhaps.  

• CUCM Security - Are Jitter, Latency and Packet Loss Stats in Clear Text ?

  I've reviewed the Cisco Unified Communications Manager Security Guide and see no suggestion that implementing encryption prevents MoS scoring.  In other words, when you implement encryption, do you still have access to jitter, latency and packet loss information in clear text?
  TIA,
  Amir

  Well.. the phones measure the statistics.
  The phones then report the stats to CUCM for inclusion in the CMRs.
  ... as I recall this is done via SCCP.
  So yes, it's clear text, unless your signalling is encrypted generally. On most clusters it's not.
  Aaron

• IP SLA icmp jitter operation

  Hello
  I would like to track icmp jitter for end host. I verified in documentation that it can be any host as a destination. But i got error on this operation:
   Latest RTT: NoConnection/Busy/Timeout
  I verified that there is no firewall between the source and destination and icmp timestamp request works when done manually:
  r01#ping          
  Protocol [ip]:     
  Target IP address: 10.23.33.6
  Repeat count [5]: 
  Datagram size [100]: 
  Timeout in seconds [2]: 
  Extended commands [n]: y
  Source address or interface: 
  Type of service [0]: 
  Set DF bit in IP header? [no]: 
  Validate reply data? [no]: 
  Data pattern [0xABCD]: 
  Loose, Strict, Record, Timestamp, Verbose[none]: Timestamp
  Number of timestamps [ 9 ]: 
  Loose, Strict, Record, Timestamp, Verbose[TV]: 
  Sweep range of sizes [n]: 
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.23.33.6, timeout is 2 seconds:
  Packet has IP options:  Total option bytes= 40, padded length=40
   Timestamp: Type 0.  Overflows: 0 length 40, ptr 5
    >>Current pointer<<
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
    Time= 01:00:00.000 CET (00000000)
  Reply to request 0 (4 ms).  Received packet has no options
  Reply to request 1 (4 ms).  Received packet has no options
  Reply to request 2 (1 ms).  Received packet has no options
  Reply to request 3 (1 ms).  Received packet has no options
  Reply to request 4 (1 ms).  Received packet has no options
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
  r01#sh ip sla statistics 196
  IPSLAs Latest Operation Statistics
  IPSLA operation id: 196
  Type of operation: icmp-jitter
          Latest RTT: NoConnection/Busy/Timeout
  Latest operation start time: 12:45:21.019 CET Fri Nov 21 2014
  Latest operation return code: Timeout
  RTT Values:
          Number Of RTT: 0                RTT Min/Avg/Max: 0/0/0 
  Latency one-way time:
          Number of Latency one-way Samples: 0
          Source to Destination Latency one way Min/Avg/Max: 0/0/0 
          Destination to Source Latency one way Min/Avg/Max: 0/0/0 
  Jitter Time:
          Number of SD Jitter Samples: 0
          Number of DS Jitter Samples: 0
          Source to Destination Jitter Min/Avg/Max: 0/0/0 
          Destination to Source Jitter Min/Avg/Max: 0/0/0 
  Packet Late Arrival: 0
  Out Of Sequence: 0
          Source to Destination: 0        Destination to Source 0
          In both Directions: 0
  Packet Skipped: 0       Packet Unprocessed: 0
  Packet Loss: 0
          Loss Period Length Min/Max: 0/0
  Number of successes: 0
  Number of failures: 34
  ip sla 197
   icmp-jitter 10.23.33.6
   frequency 30
  ip sla schedule 197 life forever start-time now
  Nov 21 12:57:43: IP SLAs(197) Scheduler: saaSchedulerEventWakeup
  Nov 21 12:57:43: IP SLAs(197) Scheduler: Starting an operation
  Nov 21 12:57:43: IP SLAs(197) icmpjitter operation: Starting icmpjitter operation
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) Scheduler: Updating result
  Nov 21 12:57:49: IP SLAs(197) Scheduler: start wakeup timer, delay = 24796
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
  Any help would be appreciated.

  Hi Jorge
  According to Cisco documentation icmp-jitter should work on any IP Device.
  I have a similar issue.
  1. I can run icmp-jitter successfully to non cisco routers
  2. it fails to run to a generic ip device.
  Imran

• EEM- Email alert with IP SLA Based on Packet Loss

  hi joseph,
  i need your advise, i want to get alert email based on IP SLA Packet loss
  the scenarion as below :
  1. If the traffic hit threshold packet loss greater than 20% as long 15 minutes --> send email
  2. If reset condition packet loss eq 0% as long 15 minutes --> send email again
   I don't know how to configure it condition. could you help me to verify my configuration below?
  ip sla logging traps
  ip sla 1 
   icmp-jitter 10.216.0.105 source-ip 10.216.0.107 num-packets 100 interval 40
   frequency 50
  ip sla schedule 1 life forever start-time now
  ip sla reaction-configuration 1 react Packetloss threshold-value 3 1 threshold-type immediate action-type trapOnly
  ip sla enable reaction-alerts
  event manager applet TEST 
   event syslog pattern "IP SLAs\(1\): Threshold exceeded"
   action 2.0 mail server "10.240.0.10" to "[email protected]" from "[email protected]" subject "Alert for Intermittent Link" body "link intermittent in x %"
  thank you

  What's you have could work with a few modifications.  First, increase that threshold-value of 3 to 20.  You can leave the falling threshold value of 1.  You'll need to add another applet to match the falling threshold syslog message.  Not sure exactly what that one will look like.
  The first applet will look like this:
  event manager environment q "
  event manager applet ipsla-threshold-exceeded
   event syslog pattern "IP SLAs\(1\): Threshold exceeded"
   action 001 cli command "enable"
   action 002 cli command "config t"
   action 003 cli command "no event manager applet ipsla-healthy"
   action 004 cli command "event manager applet ipsla-unhealthy"
   action 005 cli command "event timer countdown time 900"
   action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Alert for Intermittent Link$q body $q link intermittent in 20 %$q"
   action 007 cli command "action 2.0 cli command enable"
   action 008 cli command "action 3.0 cli command $q config t$q"
   action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-unhealthy$q"
   action 010 cli command "action 5.0 cli command end"
   action 011 cli command "end"
  And the second applet (the one where you'll need to fill in the appropriate syslog pattern) will look like:
  event manager applet ipsla-threshold-normal
   event syslog pattern "FALLING THRESHOLD PATTERN HERE"
   action 001 cli command "enable"
   action 002 cli command "config t"
   action 003 cli command "no event manager applet ipsla-unhealthy"
   action 004 cli command "event manager applet ipsla-healthy"
   action 005 cli command "event timer countdown time 900"
   action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Link is stable$q body $q Link has been stable for 15 minutes$q"
   action 007 cli command "action 2.0 cli command enable"
   action 008 cli command "action 3.0 cli command $q config t$q"
   action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-healthy$q"
   action 010 cli command "action 5.0 cli command end"
   action 011 cli command "end"

• Percantage of packet loss on link

  I am working with Cisco routers and i need somehow to find out packet loss percentage for each link (actual). I was trying to use ICMP Jitter IP SLA operation, which unfortunately returns only the number of dropped packets. So i need to get via SNMP the number of transferred packets on line to calculate the percentage. Which OID should i use to obtain this information?

  Be careful, by definition a 10 Mbit half-duplex connection is equivalent to a single T1 of bandwidth, nothing even close to 6 Mbit of bandwidth. If you are running QoS (assuming CBWFQ and LLQ), based on a shaped parent policy equal to 6 Mbit you will definitely oversubscribe the 10 Mbit half-duplex connections by a significant margin.
  The reason for this is that a T1 is 1.536 Mbit full-duplex (over 3 Mbit of bandwidth). A 10 Mbit half-duplex connection maxes out of usable bandwidth at about 30% utilization, with almost 100% packet loss (due to excessive collisions) at 40% utilization. As you can see, 40% utilization on a half-duplex 10 Mbit connection is equal to about 4 Mbit of bandwidth and a single T1 is over 3 Mbit of bandwidth. Again, not anywhere close to 6 Mbit of bandwidth.
  Assuming you are shaping at 6 Mbit with a child CBWFQ and LLQ policy (you are shaping, right?), you will not be able to guarantee that rate of bandwidth which will crush your audio/video call.
  Let me know if you have any questions/comments...

• Packet loss higher than 100% in SQL Reporting

  One of our customers is having network problems and packet loss in their network - according to Lync. The network guys claim these values are unrealistic and there've been no dropped packets on their WAN network.
  On the other side, I'm looking at a Call Details Report from Lync SQL Reporting and see this in the gateway leg information:
  Audio Stream (Caller -> Callee)
  Codec:
  PCMU
  Sample rate:
  8000
  Packet utilization:
  285
  Avg. packet loss rate:
  51.20%
  Max. packet loss rate:
  79.52%
  Avg. jitter:
  0 ms
  Max. jitter:
  0 ms
  Burst duration:
  5980 ms
  Burst gap duration:
  1890 ms
  Burst density:
  100.00%
  Burst gap density:
  0.00%
  Avg. concealed samples ratio:
  60.00%
  Avg. stretched samples ratio:
  0.00%
  Avg. compressed samples ratio:
  0.00%
  Avg. network MOS:
  1.50
  Min. network MOS:
  1.50
  Avg. network MOS degradation:
  2.21
  Max. network MOS degradation:
  2.21
  NMOS degradation (jitter):
  0.00%
  NMOS degradation (packet loss):
  100.00%
  Audio Stream (Callee -> Caller)
  Codec:
  PCMU
  Sample rate:
  8000
  Audio FEC:
  False
  Bandwidth estimates:
  Packet utilization:
  146
  Avg. packet loss rate:
  900.00%
  Max. packet loss rate:
  900.00%
  Avg. jitter:
  1540 ms
  Max. jitter:
  4406 ms
  Avg. round trip:
  178 ms
  Max. round trip:
  179 ms
  From this I feel there are things to troubleshoot. :-) but how come that Lync reports a 900% packet loss?
  I thought that a 100% packet loss was everything... can someone tell me what exactly are these 100+ percentages?
  Thanks in advance.

  latest patch level :) are you not seeing these values in your Server Performance reports?
  The other thing that bugs me is when you have 1 call for 1 second with "900% loss", that would average down to get red values in the summary columns for the other 100 calls as well, as the calls are not counted for seconds, but just piece by piece.
  So 8 perfect calls to this one above would average "100% packet loss per call" in the summary, which is just unusable...

• SLA ICMP-Jitter Operation problems

  I'm trying to guage network performance using the UDP-jitter and ICMP-jitter operations for a specific network segment.  We have a voice encoders that stream the audio over IP using UDP across the network.  The issue we are experiencing is out-of-sequence packets; these packets show up as artefacts on the receiving end audio output.  I understand that UDP is a connectionless protocol that doesn't provide any mechanism for sequencing.  This is where teh SLA monitors come in.
  I'm seeing statistics across the monitors that are inconsistent with each other.  They aren't off just a little from each other; they are off quite a bit.  The UDP-jitter operation (40006) isn't reporting any out-of-sequence packets (I can only see the last two hours, so I just changed the history to 24 hours).  Operations 40001 and 40002 (ICMP-jitter) seem to report no packets as out-of-sequence or all packets as out-of-sequence.  Operation 40002 is reporting around 50% packet loss.  This is a false report.  Operation 40006 is reporting 0% packet loss and the CODECs would be unusable if this were the case.  Operations 50001 and 50002 were just configured so I don't have much history on them.  Operation 50001 seems to be running clean, but 50002 has a lot of unprocessed packets.
  You may have noticed that the operations that traverse the satellite link have a TOS of 172 (DSCP 43).  This is done to ensure the the SLA monitor doesn't step on the CODEC traffic (DSCP EF, which is assigned to the LLQ).  That's not to say that the traffic isn't prioritized; it is guaranteed bandwidth across the link.  Also, there is no congestion on the network.  I have also checked QoS policy-maps and there are no drops for the assoiciated queues.  The circuits are up and stable.  One circuit is a little dirty, but it the error rate is pretty low 0.003%.
  So, my question is two part:
  1.  Why am I recieving out-of-sequence packets?
  2.  Has anyone else had this problem or a similar problem with the ICMP-jitter operation?
  I have included a basic diagram and the statistics I have been able to collect thus far.

  Hi Jorge
  According to Cisco documentation icmp-jitter should work on any IP Device.
  I have a similar issue.
  1. I can run icmp-jitter successfully to non cisco routers
  2. it fails to run to a generic ip device.
  Imran

• CRS-1 ping packet loss

  Hi everyone,
  CRS1 IOS-XR 3.8  when i try to ping packet option and got packet loss as below and don't sure that XR limit for ping or not?
  RP/0/RP0/CPU0:#ping 10.0.0.1 size 3000 count 1000   (ping to outside switch 3750)
  Mon Oct  8 10:12:34.582 THAI
  Type escape sequence to abort.
  Sending 1000, 3000-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
  if i user size 1500 don't have packet losss.
  Can anyone explanation to me?
  Thanks alot.
  Kodos.

  Hello,
  Above result is PING from CRS-1 to another switch, we try to vary packet size and found that if its size greather than 2800 then we always get 4 packets loss from 1000.
  Can you please advice?
  Thanks,
  Rojarek

• IPSLA UDP-Jitter Issues

  Hi guys,
  Our customer has a WAN network (DCoS) and has voice protected across it. I work for an integrator assisting the customer with their CPE routers end-to-end. Essentially CPE routers extend PSTN lines end-to-end over voice-ports and voip call legs between locations. On CPE routers we're seeing voice traffic being marked/matched end-to-end. We're pretty sure that the ISP is somehow shaping/causing delays on the voice traffic interstate but now we're trying to gather some evidence.
  To help isolate, test and provide evidence we were planning on using UDP-Jitter in IP SLA. I've been trying to get this enabled on live routers without success due to the reason "No connection" in the initiators show output. An example of the "show ip sla statistics" on a production device is shown below:
  SITE-1#show ip sla statistics
  IPSLAs Latest Operation Statistics
  IPSLA operation id: 100
  Type of operation: udp-jitter
          Latest RTT: NoConnection/Busy/Timeout
  Latest operation start time: 17:26:47 BNE Mon Jul 2 2012
  Latest operation return code: No connection
  RTT Values:
          Number Of RTT: 0                RTT Min/Avg/Max: 0/0/0 milliseconds
  Latency one-way time:
          Number of Latency one-way Samples: 0
          Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
          Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
  Jitter Time:
          Number of SD Jitter Samples: 0
          Number of DS Jitter Samples: 0
          Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds
          Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds
  Packet Loss Values:
          Loss Source to Destination: 0
          Source to Destination Loss Periods Number: 0
          Source to Destination Loss Period Length Min/Max: 0/0
          Source to Destination Inter Loss Period Length Min/Max: 0/0
          Loss Destination to Source: 0
          Destination to Source Loss Periods Number: 0
          Destination to Source Loss Period Length Min/Max: 0/0
          Destination to Source Inter Loss Period Length Min/Max: 0/0
          Out Of Sequence: 0      Tail Drop: 0
          Packet Late Arrival: 0  Packet Skipped: 0
  Voice Score Values:
          Calculated Planning Impairment Factor (ICPIF): 0
          Mean Opinion Score (MOS): 0
  Number of successes: 0
  Number of failures: 1
  Operation time to live: Forever
  Number of failures continues to increase every 30 seconds or so. The configuration of SITE-1 is as follows:
  SITE-1#show run | sec ip sla
  ip sla 100
  udp-jitter 10.2.2.2 16584 source-ip 10.1.1.1 source-port 16384
  tos 30
  owner NetFlow
  timeout 60000
  ip sla schedule 100 life forever start-time now
  The configuration of SITE-2 (IP SLA Responder) is as follows:
  SITE-2#show run | sec ip sla
  ip sla responder
  For the sake of privacy I've adjusted the IPs above as well as the router hostnames. The 10.2.2.2 IP lives on SITE-2's router and 10.1.1.1 lives on SITE-1's router.
  If I do the above in GNS it works perfectly so I think something else is going on here. Either I've got a bug (doubt it) or something is preventing the UDP from connecting/responding for the IP SLA. Frustratingly, if I do a "show ip sla responder" on the SITE-2 router... it says it received the packets normally without error:
  SITE-2#show ip sla responder
          General IP SLA Responder on Control port 1967
  General IP SLA Responder is: Enabled
  Number of control message received: 123 Number of errors: 0
  Recent sources:
          10.1.1.1 [18:06:35.989 BNE Mon Jul 2 2012]
          10.1.1.1 [18:06:30.989 BNE Mon Jul 2 2012]
          10.1.1.1 [18:06:25.989 BNE Mon Jul 2 2012]
          10.1.1.1 [18:05:35.989 BNE Mon Jul 2 2012]
          10.1.1.1 [18:05:30.989 BNE Mon Jul 2 2012]
  Recent error sources:
          Permanent Port IP SLA Responder
  Permanent Port IP SLA Responder is: Enabled
  udpEcho Responder:
    IP Address             Port
  If I enable trace debug ("debug ip sla trace") on SITE-1's router I get the following...
  Jul  2 08:13:25.993: IPSLA-INFRA_TRACE:OPER:100 slaSchedulerEventWakeup
  Jul  2 08:13:25.993: IPSLA-INFRA_TRACE:OPER:100 Starting an operation
  Jul  2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 Starting jitter operation
  Jul  2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=116, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
  Jul  2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
  Jul  2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 Timeout
  Jul  2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=117, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
  Jul  2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
  Jul  2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 Timeout
  Jul  2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=118, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
  Jul  2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
  Jul  2 08:13:40.993: IPSLA-OPER_TRACE:OPER:100 Timeout
  Jul  2 08:13:40.993: IPSLA-OPER_TRACE:OPER:100 No connection
  Jul  2 08:13:40.993: IPSLA-INFRA_TRACE:OPER:100 Updating result

  Checked the ports and found I am using different ones on each VoIP gateway. I just added a new operation with a totally unique port that I know is not in use on the source or destination and it still failed:
  voipgw02(config)#ip sla 4033
  voipgw02(config-ip-sla)# udp-jitter 10.205.50.5 17333 source-ip 10.225.50.5 codec g711ulaw codec-numpackets 100
  voipgw02(config-ip-sla-jitter)# tos 184
  voipgw02(config-ip-sla-jitter)# timeout 18000
  voipgw02(config-ip-sla-jitter)# threshold 1000
  voipgw02(config-ip-sla-jitter)# frequency 30
  voipgw02(config-ip-sla-jitter)#ip sla schedule 4033 life forever start-time now ageout 3600
  voipgw02#sh ip sla stat
  IPSLAs Latest Operation Statistics
  IPSLA operation id: 4033
  Type of operation: udp-jitter
          Latest RTT: NoConnection/Busy/Timeout
  Latest operation start time: 21:47:43 EDT Mon Sep 3 2012
  Latest operation return code: No connection
  RTT Values:
          Number Of RTT: 0                RTT Min/Avg/Max: 0/0/0 milliseconds
  Latency one-way time:
          Number of Latency one-way Samples: 0
          Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
          Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
  Jitter Time:
          Number of SD Jitter Samples: 0
          Number of DS Jitter Samples: 0
          Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds
          Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds
  Packet Loss Values:
          Loss Source to Destination: 0
          Source to Destination Loss Periods Number: 0
          Source to Destination Loss Period Length Min/Max: 0/0
          Source to Destination Inter Loss Period Length Min/Max: 0/0
          Loss Destination to Source: 0
          Destination to Source Loss Periods Number: 0
          Destination to Source Loss Period Length Min/Max: 0/0
          Destination to Source Inter Loss Period Length Min/Max: 0/0
          Out Of Sequence: 0      Tail Drop: 0
          Packet Late Arrival: 0  Packet Skipped: 0
  Voice Score Values:
          Calculated Planning Impairment Factor (ICPIF): 0
          Mean Opinion Score (MOS): 0
  Number of successes: 0
  Number of failures: 1
  Operation time to live: Forever
  Do you know if there are any licensing issues?
  barvoipgw02#show ip sla appl
          IP Service Level Agreements
  Version: Round Trip Time MIB 2.2.0, Infrastructure Engine-III
  Supported Operation Types:
          icmpEcho, path-echo, path-jitter, udpEcho, tcpConnect, http
          dns, udpJitter, dhcp, ftp, VoIP, rtp, icmpJitter
          802.1agEcho VLAN, Port, 802.1agJitter VLAN, Port, udpApp
          wspApp
  Supported Features:
          IPSLAs Event Publisher
  IP SLAs low memory water mark: 63126085
  Estimated system max number of entries: 46234
  Estimated number of configurable operations: 39313
  Number of Entries configured  : 3
  Number of active Entries      : 3
  Number of pending Entries     : 0
  Number of inactive Entries    : 0
  Time of last change in whole IP SLAs: .21:47:43.954 EDT Mon Sep 3 2012

• Wrong direction of Packet loss

  Recently,I capture some RTP packets when user meeting the dialogue jitter and latency.
  User A using the 3951 ip phone (IP address is x.x.125.206, and x.x.200.165 is the voice gateway's ip address ) , and user B using a mobile phone.
  User A responds to me that she can't hear user B clearly.
  This reflect to packets capture result should be packet lost at the in direction.
  But the capture result show that packets loss happen at the out direction.
  Could any body explain it for me?
  Thanks a lot!

  Probably you have captured RTP traffic near the voice gateway. Right?
  I suppose that you have bidirectional packet loss.
  In this case, if you use wireshark near one of the sources you can observe only one direction loss.
  You must try to use wireshark in both network segments.
  P.S. in the bottom of the your image we can see ip addresses of your net.
  Regards.

• Packet Loss after Reboot of ASA 5510

  Hi all,
  I have an ASA and a 2811 behind it and I had to replace a battery on a UPS so I had to take down the network to do it. Before doing it the network ran fine, but I did a WR MEM and a Copy RUNNING to STARTUP config thinking that the configs I had were fine. At some point in the past I must of made a change and never applied it and maybe it is causing the issue, but I am at a loss as to what is the cause. I am getting consistent packet loss from the ASA out. Any address I ping on the inside is clear and quick. Also, I do not know if it is related, but I cannot get results from TRACE ROUTES and I believe I used to.
  I have confirmed the PL is related to my network, if I plug the static IP info from the provider in to a laptop, it is clear. I am at my wits end, and I know just enough to be dangerous, so any help would be appreciated.
  Here are my configs:
  ASA5510# sh run
  : Saved
  ASA Version 9.1(4)
  hostname ASA5510
  domain-name m.int
  enable password encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd  encrypted
  names
  dns-guard
  interface Ethernet0/0
   description LAN Interface
   nameif Inside
   security-level 100
   ip address 10.10.1.1 255.255.255.252
  interface Ethernet0/1
   description WAN Interface
   nameif Outside
   security-level 0
   ip address 68.233.x.x 255.255.255.128
  interface Ethernet0/2
   description DMZ
   nameif DMZ
   security-level 100
   ip address 10.10.0.1 255.255.255.252
  interface Ethernet0/3
   description VOIP
   nameif VOIP
   security-level 100
   ip address 10.10.2.1 255.255.255.252
  interface Management0/0
   management-only
   shutdown
   nameif management
   security-level 0
   no ip address
  boot system disk0:/asa914-k8.bin
  ftp mode passive
  dns domain-lookup Inside
  dns domain-lookup Outside
  dns server-group DefaultDNS
   name-server 8.8.8.8
   name-server 8.8.4.4
   name-server 68.233.xx.5
   name-server 68.233.xx.6
   domain-name m.int
  same-security-traffic permit inter-interface
  object network ROUTER-2811
   host 10.10.1.2
  object network ROUTER-2821
   host 10.10.0.2
  object network WEBCAM-01
   host 192.168.1.5
  object network DNS-SERVER
   host 192.168.1.2
  object network ROUTER-3745
   host 10.10.2.2
  object network RDP-DC1
   host 192.168.1.2
  object network BLUE
   host 192.168.1.6
   description Blue Iris Server
  object network M_LAP_LEA
   host 192.168.1.20
   description Laptop from LEA
  object-group network PAT-SOURCE
   network-object 10.10.1.0 255.255.255.252
   network-object 10.10.0.0 255.255.255.252
   network-object 10.10.2.0 255.255.255.252
   network-object 192.168.0.0 255.255.255.0
   network-object 172.16.10.0 255.255.255.0
   network-object 172.16.20.0 255.255.255.0
   network-object 128.162.1.0 255.255.255.0
   network-object 128.162.10.0 255.255.255.0
   network-object 128.162.20.0 255.255.255.0
   network-object 192.168.1.0 255.255.255.0
   network-object 192.168.10.0 255.255.255.0
   network-object 192.168.20.0 255.255.255.0
   network-object 172.16.1.0 255.255.255.0
   network-object 162.128.1.0 255.255.255.0
   network-object 162.128.10.0 255.255.255.0
   network-object 162.128.20.0 255.255.255.0
   network-object 142.16.1.0 255.255.255.0
   network-object 142.16.10.0 255.255.255.0
   network-object 142.16.20.0 255.255.255.0
  object-group network DM_INLINE_NETWORK_2
   network-object host 98.22.xxx
  object-group network Outside_access_in
  object-group protocol DM_INLINE_PROTOCOL_1
   protocol-object gre
  access-list USERS standard permit 10.10.1.0 255.255.255.0
  access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2811 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2821 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.xxx interface Outside eq https
  access-list Outside_access_in extended permit tcp host 98.22.xxx object WEBCAM-01 eq www inactive
  access-list Outside_access_in extended permit tcp host 98.22.xxx object RDP-DC1 eq xxxx
  access-list Outside_access_in extended permit tcp host 98.22.xxx object BLUE eq xxxx
  access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-3745 eq ssh
  access-list Outside_access_in extended permit tcp any object BLUE eq xxxx
  access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
  access-list dmz-access remark Permit all traffic to DC1
  access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
  access-list dmz-access remark Permit only DNS traffic to DNS server
  access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
  access-list dmz-access remark Permit ICMP to all devices in DC
  access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list dmz-access remark Permit all traffic to DC1
  access-list dmz-access remark Permit only DNS traffic to DNS server
  access-list dmz-access remark Permit ICMP to all devices in DC
  pager lines 24
  logging enable
  logging asdm informational
  mtu Inside 1500
  mtu Outside 1500
  mtu DMZ 1500
  mtu VOIP 1500
  mtu management 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp deny any Outside
  asdm image disk0:/asdm-715.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network ROUTER-2811
   nat (Inside,Outside) static interface service tcp ssh x
  object network ROUTER-2821
   nat (DMZ,Outside) static interface service tcp ssh x
  object network WEBCAM-01
   nat (Inside,Outside) static interface service tcp www x
  object network ROUTER-3745
   nat (VOIP,Outside) static interface service tcp ssh x
  object network RDP-DC1
   nat (Inside,Outside) static interface service tcp xxxx xxxx
  object network BLUE
   nat (Inside,Outside) static interface service tcp xxxx xxxx
  nat (any,Outside) after-auto source dynamic any interface
  access-group Outside_access_in in interface Outside
  route Outside 0.0.0.0 0.0.0.0 68.233.151.1 1
  route DMZ 128.162.1.0 255.255.255.0 10.10.0.2 1
  route DMZ 128.162.10.0 255.255.255.0 10.10.0.2 1
  route DMZ 128.162.20.0 255.255.255.0 10.10.0.2 1
  route VOIP 142.16.1.0 255.255.255.0 10.10.2.2 1
  route VOIP 142.16.10.0 255.255.255.0 10.10.2.2 1
  route VOIP 142.16.20.0 255.255.255.0 10.10.2.2 1
  route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
  route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
  route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
  route Inside 192.168.10.0 255.255.255.0 10.10.1.2 1
  route Inside 192.168.20.0 255.255.255.0 10.10.1.2 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server PNL-RADIUS protocol radius
  aaa-server PNL-RADIUS (Inside) host 192.168.1.2
   key *****
   radius-common-pw *****
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 Inside
  http 98.22.xxx 255.255.255.255 Outside
  snmp-server host Inside 192.168.1.2 community ***** version 2c udp-port 161
  snmp-server location Lovington NM USA
  snmp-server contact Mitchell Tuckness
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpool policy
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 Inside
  ssh 98.22.xxx 255.255.255.255 Outside
  ssh timeout 60
  ssh version 2
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 24.56.178.140 source Outside prefer
  username xxxx password x encrypted privilege 15
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns migrated_dns_map_1
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
    inspect icmp error
    inspect pptp
   class class-default
    user-statistics accounting
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
   profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  password encryption aes
  hpm topN enable
  Cryptochecksum:949189d67866f6c09450769d41649992
  : end
  C2811#sh run
  Building configuration...
  Current configuration : 3925 bytes
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname C2811
  boot-start-marker
  boot system flash
  boot-end-marker
  enable secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
  aaa new-model
  aaa session-id common
  dot11 syslog
  no ip source-route
  ip cef
  no ip dhcp use vrf connected
  ip domain name maladomini.int
  ip name-server 192.168.1.2
  ip name-server 8.8.8.8
  ip name-server 68.233.xxx.x
  ip name-server 68.233.xxx.x
  no vlan accounting input
  multilink bundle-name authenticated
  password encryption aes
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-1290569776
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1290569776
   revocation-check none
   rsakeypair TP-self-signed-1290569776
  crypto pki certificate chain TP-self-signed-1290569776
   certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31323930 35363937 3736301E 170D3134 30313035 30363130
    33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32393035
    36393737 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B18F F63C5121 00785DE0 854601BA EE77DAA3 21286D8C 6E700C37 237CC1BE
    611023AF FBE04BBE 7B4B3233 E4E129DD A74604E5 62AA39BF 77F98D5D D63944E9
    2345AE37 D93C5753 E425E85A EB22C2C9 CFC5D1A0 F800449B 0419A5C8 A0A101EC
    02928172 7B30A609 71ADA3D4 68F4F484 AF2B3249 0E225DB2 C72C136A E670D761
    DDE30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 1461F6DE 8EF50F7B 0E46359F 421EA106 9375F65F 30301D06
    03551D0E 04160414 61F6DE8E F50F7B0E 46359F42 1EA10693 75F65F30 300D0609
    2A864886 F70D0101 05050003 81810049 BA55F695 8525265F ED2D77EE 8706BF10
    63A7E644 202F6663 9EA5551F 47F7FC50 D4021EDD E3DC5A80 39FD161A C337D20D
    71B98875 0F1FE887 649E81D3 F93F7A1B A1E18B99 A77B1A59 84DB4711 867913FD
    044084FB 651ECA6E C6EDF35C E43A2946 8C01781E 26DB9484 C8740A82 4A7CA266
    A0655526 CBCB4982 F30D68E9 D70753
          quit
  license udi pid CISCO2811 sn FTX1041A07T
  username admin secret 5 $1$iBeC$8dqYMcpTex8gtUfannzox.
  username xxxx privilege 15 secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
  redundancy
  ip ssh time-out 60
  ip ssh authentication-retries 5
  ip ssh version 2
  interface FastEthernet0/0
   description CONNECTION TO INSIDE INT. OF ASA
   ip address 10.10.1.2 255.255.255.252
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface FastEthernet0/1
   no ip address
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface FastEthernet0/1.1
   description VLAN 10
   encapsulation dot1Q 10
   ip address 192.168.10.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface FastEthernet0/1.2
   description VLAN 20
   encapsulation dot1Q 20
   ip address 192.168.20.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface FastEthernet0/1.3
   description Trunk Interface VLAN 1
   encapsulation dot1Q 1 native
   ip address 192.168.1.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface Dialer0
   no ip address
  ip default-gateway 10.10.1.1
  ip forward-protocol nd
  no ip http server
  ip http authentication local
  ip http secure-server
  ip dns server
  ip route 0.0.0.0 0.0.0.0 10.10.1.1
  ip ospf name-lookup
  access-list 1 permit any
  dialer-list 1 protocol ip permit
  snmp-server community Maladomini-RW RW
  tftp-server system:running-config 1
  control-plane
  line con 0
   exec-timeout 0 0
   password 7 101D58415D361606050A147A
  line aux 0
  line vty 0 4
   exec-timeout 0 0
   password 7 0527031B2C49470758
   transport input ssh
  scheduler allocate 20000 1000
  end
  2821:
  C2821#sh run
  Building configuration...
  Current configuration : 4128 bytes
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname C2821
  boot-start-marker
  boot system flash
  boot-end-marker
  enable secret 4 x
  aaa new-model
  aaa session-id common
  dot11 syslog
  no ip source-route
  ip cef
  no ip dhcp use vrf connected
  ip domain name maladomini.int
  ip name-server 192.168.1.2
  ip name-server 8.8.8.8
  ip name-server 68.233.xxx.x
  ip name-server 68.233.xxx.x
  no vlan accounting input
  multilink bundle-name authenticated
  password encryption aes
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-3335929422
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-3335929422
   revocation-check none
   rsakeypair TP-self-signed-3335929422
  crypto pki certificate chain TP-self-signed-3335929422
   certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33333335 39323934 3232301E 170D3134 30313135 30333537
    32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33333539
    32393432 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100AF6D 8C23745E 80AA83AC BE0243DD C8F8EC56 85BBE495 EF790354 B7E81921
    4C46CE35 F840420A 8385D3E3 B7B14EDF F4A8DB51 1A29E0ED A2704F69 9632ED7E
    5F66E546 486B2821 FB77266F 950D351E 13AA18FE 687643F6 FB9BF95F E56A0195
    19B8A7B6 7A582357 2517F08E 5E3BA197 2CD71E3E 32AB4B96 412E9AE3 1932A218
    7A1F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 14A86115 C2CA9E15 399B2A9C 21585323 1E2F3D98 45301D06
    03551D0E 04160414 A86115C2 CA9E1539 9B2A9C21 5853231E 2F3D9845 300D0609
    2A864886 F70D0101 05050003 81810028 81D8F701 D6AFDC54 94A93185 1E5F4DAC
    4DBF50B7 30B57ABD D1612E69 D964B77A A379F55C 7E823F42 4D01440C B237DED9
    6B8047B7 0496D8BB BD7EAC18 E6ACA1B1 3B527172 4A7B0D7B 4A031168 F99B171D
    D217CB06 2F31E4DF FD9AC1C9 1199869A 34E90671 5611A6DA 7CC6A7B0 A39F78FB
    B3932E37 4B302779 E761DB00 AFA7CC
          quit
  license udi pid CISCO2821 sn FTX1327AH7A
  username x privilege 15 secret 4 x
  redundancy
  ip ssh time-out 60
  ip ssh authentication-retries 5
  ip ssh version 2
  interface GigabitEthernet0/0
   description CONNECTION TO INSIDE INT. OF ASA
   ip address 10.10.0.2 255.255.255.252
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   no ip address
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface GigabitEthernet0/1.1
   description VLAN 10
   encapsulation dot1Q 10
   ip address 128.162.10.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface GigabitEthernet0/1.2
   description VLAN 20
   encapsulation dot1Q 20
   ip address 128.162.20.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface GigabitEthernet0/1.3
   description Trunk Interface VLAN1
   encapsulation dot1Q 1 native
   ip address 128.162.1.1 255.255.255.0
   ip helper-address 192.168.1.2
   ip virtual-reassembly in
  interface Serial0/0/0
   no ip address
   shutdown
  interface Serial0/1/0
   no ip address
   shutdown
  interface Serial0/2/0
   no ip address
   shutdown
  interface Dialer0
   no ip address
  ip default-gateway 10.10.0.1
  ip forward-protocol nd
  no ip http server
  ip http authentication local
  ip http secure-server
  ip dns server
  ip route 0.0.0.0 0.0.0.0 10.10.0.1
  ip ospf name-lookup
  access-list 1 permit any
  dialer-list 1 protocol ip permit
  snmp-server community Maladomini-RW RW
  snmp-server host 192.168.1.2 version 2c Maladomini-RW  envmon cpu snmp
  control-plane
  line con 0
   exec-timeout 0 0
   password 7 101D58415D361606050A147A
  line aux 0
  line vty 0 4
   exec-timeout 0 0
   password 7 15415A545C0B2F29213D0B73
   transport input ssh
  scheduler allocate 20000 1000
  end
  POE Switch:
  C3560#sh run
  Building configuration...
  Current configuration : 7368 bytes
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  hostname C3560
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$wzS5$Kl0aHmGjOrfNL8H8QN9gJ1
  enable password 7 091F1F514124131F02023A7B
  username mtuckness privilege 15 secret 5 $1$j68Z$ObA6K7Qc2Vsmyu479Hlh6/
  aaa new-model
  aaa session-id common
  clock timezone MST -7
  system mtu routing 1500
  ip domain-name maladomini.int
  password encryption aes
  crypto pki trustpoint TP-self-signed-2488747392
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2488747392
   revocation-check none
   rsakeypair TP-self-signed-2488747392
  crypto pki certificate chain TP-self-signed-2488747392
   certificate self-signed 01
    3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32343838 37343733 3932301E 170D3933 30333031 30303031
    30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383837
    34373339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B715 1CCA0EFB 6D550F27 A4B9F403 7D1CBCCE AB363F89 61AF4773 64351010
    AB866AA6 411463BC A7D9C6E3 0CA4EEEC 47C50D33 2F904AD1 8FC5B10B 8F204157
    FB5B3A4C 78BD4BDF 14F79CCC D9A0E10B 909BF5BA 095BB9AC 722197D4 3C2CB70B
    15D2A221 5FF8BC03 6A642B36 437B9E22 858BF597 F1844026 5DAF2114 EF75718D
    EC3B0203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
    551D1104 18301682 14433335 36302E6D 616C6164 6F6D696E 692E696E 74301F06
    03551D23 04183016 8014D364 9162E0D2 C7936513 1E1C677C 73D675EC 37FF301D
    0603551D 0E041604 14D36491 62E0D2C7 9365131E 1C677C73 D675EC37 FF300D06
    092A8648 86F70D01 01040500 03818100 2DE49969 2E9C7A81 E96B97A8 7E15BC69
    2DA62233 C958092D 2E51DD59 526DA795 CBFE219E 3536852A 5F71A90A BF5016E0
    F93FA6F7 55D9BA23 52A2858E B927E0FB B3DC6B20 28FBD64C 6FA956EC 3E6E8756
    F12F7182 538D13AE E343674E 41A1BDE1 A42579F2 8070FC92 5C805995 7BA25FA5
    3A89C4E5 C6B2D76F FF2C1CF9 6A8DF631
    quit
  spanning-tree mode pvst
  spanning-tree portfast bpduguard default
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh time-out 60
  ip ssh authentication-retries 5
  ip ssh version 2
  interface FastEthernet0/1
   switchport mode access
   spanning-tree portfast
  interface FastEthernet0/2
   switchport mode access
   spanning-tree portfast
  Removed interfaces
  interface GigabitEthernet0/1
   description CONNECTION TO 2821 ROUTER - TRUNK
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 1,10,20
   switchport mode trunk
  interface GigabitEthernet0/2
  interface GigabitEthernet0/3
  interface GigabitEthernet0/4
  interface Vlan1
   ip address 128.162.1.3 255.255.255.0
   ip helper-address 192.168.1.2
   no ip route-cache
   no ip mroute-cache
  interface Vlan10
   ip address 128.162.10.3 255.255.255.0
   ip helper-address 192.168.1.2
  interface Vlan20
   ip address 128.192.20.3 255.255.255.0
   ip helper-address 192.168.1.2
  ip default-gateway 10.10.0.2
  no ip classless
  ip http server
  ip http authentication local
  ip http secure-server
  access-list 1 permit any
  snmp-server community Maladomini-RW RO
  snmp-server location Lovington NM USA
  line con 0
   exec-timeout 0 0
   password 7 075C701416281D081E1C355D
  line vty 0 4
   password 7 0527031B2C49470758
   transport input ssh
  line vty 5 15
   exec-timeout 0 0
   password 7 05585757796D4A04100B2943
  end

  I located the issue of the packet loss. I have a security system that uploads FTP images of the cameras and after the reboot of the network, the only computer that wasn't shut down was the security camera PC.
  So I think what happened was after I brought everything back up, it was saturating the outgoing bandwidth, causing packet loss and high latency. Once I determined what it was and shut off the FTP image upload, the pings stabilized and it is working fine now. Trace routes are still not functioning, but I can live without that for now.

• What can I do about Packet Loss?

  Hey Verizon Community,
  As the title says, what can I do about packet loss?
  I have been having network spike issues in the video game Starcraft II, and Blizzard support told me to run a pathping to their servers (pathping pasted below). Upon doing that, I discovered that in hop 4, also known as G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214], there was 2% packet loss. What can I do about this? Who can I contact to try and get this resolved?
  PATHPING TO BLIZZARD SERVERS:
  Tracing route to 12.129.202.154 over a maximum of 30 hops
  0 Mitch-PC [10.0.0.2]
  1 10.0.0.1
  2 Wireless_Broadband_Router.home [192.168.1.1]
  3 L100.BLTMMD-VFTTP-40.verizon-gni.net [96.244.79.1]
  4 G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214]
  5 ae1-0.PHIL-BB-RTR1.verizon-gni.net [130.81.209.238]
  6 * * *
  Computing statistics for 125 seconds...
  Source to Here This Node/Link
  Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
  0 Mitch-PC [10.0.0.2]
  0/ 100 = 0% |
  1 0ms 0/ 100 = 0% 0/ 100 = 0% 10.0.0.1
  0/ 100 = 0% |
  2 0ms 0/ 100 = 0% 0/ 100 = 0% Wireless_Broadband_Router.home [192.168.1.1]
  0/ 100 = 0% |
  3 10ms 0/ 100 = 0% 0/ 100 = 0% L100.BLTMMD-VFTTP-40.verizon-gni.net [96.244.79.1]
  0/ 100 = 0% |
  4 11ms 2/ 100 = 2% 2/ 100 = 2% G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214]
  0/ 100 = 0% |
  5 23ms 0/ 100 = 0% 0/ 100 = 0% ae1-0.PHIL-BB-RTR1.verizon-gni.net [130.81.209.238]
  Trace complete.

  Actually it means nothing since its in the middle of the tracert.   Probably the server supports the ping, but at a very low priority so the packets are being counted as lost.  Many servers don't even respond to tracert.