IPSLA-ICMP Jitter-Packet loss count
Hi,
I wanted to monitor the packet loss in my link using IP SLA. So i configured ipsla jitter and started monitoring it. When i analyze the output i found that ip sla statictics shows heavy drop in my link, but when i ping from the router no drop is observed. Why there is such difference in the out put. I read that normal ping and icmp jitter uses different icmp types messages but now i am confused whether my link proper or not. Which data i should belive.
Here is my config and statistics:
ip sla 2166
icmp-jitter 10.70.194.137 num-packets 100
frequency 300
ip sla schedule 2166 life forever start-time now
Type of operation: icmpJitter
Latest RTT: 7 milliseconds
Latest operation start time: 13:56:49.468 IST Sat Dec 24 2011
Latest operation return code: OK
RTT Values:
Number Of RTT: 92 RTT Min/Avg/Max: 3/7/158
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0
Destination to Source Latency one way Min/Avg/Max: 0/0/0
Jitter Time:
Number of Jitter Samples: 89
Source to Destination Jitter Min/Avg/Max: 1/4/20
Destination to Source Jitter Min/Avg/Max: 1/1/1
Packet Late Arrival: 0
Out Of Sequence: 0
Source to Destination: 0 Destination to Source 0
In both Directions: 0
Packet Skipped: 0
Packet Loss: 8
Loss Period Length Min/Max: 1/7
Number of successes: 1
Number of failures: 0
Operation time to live: Forever
Hello mate !
For how long you left the IP sla running ? 24 hours ?
I would disable session time out in your router, set the IP Sla running for 60 minutes for example and in the meantime i would leave a ping running too with high repetition in the background.
I saw you only had 8 pkt loss.... we need two "tools" running for a good comparison, tried what i proposed and let me know.
cheers
Similar Messages
-
Non-Immersive Endpoints Call Statistics Reports - jitter, packet loss
Hi,
We are trying to have reports from calls of Non-Immersive Endpoints. We need to have info about jitter and packet loss.
I know it is saved in the logs in file called call_history.txt and available via Web interface under "Diagnostics - Call History".
Issue is how to collect/download such data from Non-Immersive Endpoint automatically. I am not talking about download logs, extract the files, go to specific folder and open specific file.
We have such reports for Immersive Endpoints because Call Statistics are included in MIB.
Any idea/experience to collect such data from Non-Immersive Systems?
Many thanks,
Josef@Raju_raju
Many thanks for this - its what I expected but its still disappointing to hear. I think Microsoft are missing a trick here, even WebRTC (in Chrome at least) and most other conferencing applications have call statistics built in.
The lack of true real time monitoring in Lync out of the box worries me somewhat. I know that there might be third party options, including Microsoft's own SCOM (which of course, not everybody uses), but I would like to see some real time monitoring of this
real time system as part of its native functionality. True stats available at the client would still be a great help - even if it meant a ALT+Click type procedure.
I need to dig deeper into the normal Lync monitoring options but I'm used to environments where we can analyse each "video hop" as often, there are specific network segments that cause glitches. For instance, in a call where media is routed via
an edge, I would liek to see the stats on the leg from the client to the edge then from the edge to the FEP or Director etc.
Thanks for the heads up on the Snooper documentation. I have read this page previously but will re-visit, yet this is somewhat over kill for some basic real time statistical output.
@Eric - Great table. I must say I have never come across this and it certainly has useful stuff. I can almost understand why Microsoft shows the simplistic feedback by default, but for an advanced user or engineer having to look up the dumbed down feedback
against such a table is simply a waste of time. The actually stats (including both percentage and raw packet loss data) is eminently more useful and immediate.
Microsoft - are you listening?
Chris -
WIFI Packet Loss/Jitter MacBook Air 11 & LION OSX 10.7.1
I started using computers more than 30 years ago when I was 5, I had my first IBM PC at the age of 10 and have never had any interest in paying over the odds for an Apple mac mainly because I saw the Mac as a kind of "Can't open nothing", one mouse buttoned retard of the computer world.
That is, until now.
I set up an online business 3 years ago and rented a dedicated server and set the whole business up in a cloud, so to speak. Having done that, all I needed a laptop for was a remote desktop connection and to run a SIP phone (Internet phone).
My PC based laptops had almost nothing installed on them, and I wasn't using software on the laptop itself, I was using remote desktop, so - why not try a MAC? The new Macbook Air 11 is small, light and made of metal and glass so should be robust enough to travel with me.
I have to say, this was the worst move I've ever made.
I opened the new shiny macbook and the first thing I noticed was that the internet seemed hit and miss. Moving around the room I managed to find a spot whereby pages woud load quickly. Strange, my £200 acer laptop was sh.t fast everywhere in the house. No matter, I packed it back away and carried on working on the Windows machine.
I've come to Newquay this week, and i've started to try and use the Macbook again in a hotel. The wireless signal in the room is low, and speedtest shows about 1 meg down and 3/4 meg up. That may sound bad to you, but remote desktop uses about 5k/sec (modem dial up speed) and the softphone, well, my Asterisk VOIP setup is confugured to use the GSM codec so that's 8k/sec each way + overheads.
This whole setup was deliberately designed to be "thin" so I can travel with ease and work on bad connections like USB internet sticks.
Anyhow, the Macbook was unable to hold a stable connection to the remote desktop or SIP phone, even though the speed test showed a whopping 1 meg up and down. What you may not be aware of is that there is more to a connection than the speed, there is the quality as well. How many packets are lost / how much "jitter" is on the line.
Anyhow, we're not living in the 3rd world, I ran a PINGTEST and it showed a small amount of jitter but told me the line was class B, online games may suffer but voip should be fine.
I unpacked the Acer, placed it in exactly the same spot as the Apple had sat in and it worked beautifully with 1 bar of wireless signal, all day long. Phone calls were clear.
So you know now what I'm thinking. I'm sitting here with my £200 acer because I can't use the £1500 macbook air 11. I paid nearly sixteen hundred pounds for this piece of .... and it doesn't ...... work. Time to contact Apple support.
2nd Mistake!
Representitive 1: - Told me that I can't compare the Macbook Air to the Acer, the Acer has Google Chrome and everybody knows Google Chrome is the fastest browser. I was told there was nothing more he could do, its probably a bad line at the hotel. When I explained the Acer works fine for voip I was told well, maybe it is getting a better signal. I explained the Acer has the cheapest possible parts inside it and paid 1500 for this macbook, expecting it to have quality parts inside and was told I'd paid for the size, because its so small but its not considered "powerful". Apple do you train your staff? Clearly not.
Thank god I wasn't paying to talk to this moron.
Representitive 2: - Had no idea what packet loss or Jitter was, got me to do a speedtest and said that looks fine. Then he got me to remove the WIFI adapter and re add it in the network settings.
Guess what, nothing changed, its still the same hardware and software.
Representitive 3: - Still not really understanding "quality" issues with the networking interface, I was asked to install the latest Java client. I did it, only because I wanted to comply with Apples wishes so they'd help me, but they weren't helping and Java has nothing to do with the network adapter, so that was useless advice too.
Apple seem to have no idea there is a problem, even though Google has pages and pages of people saying the same as me, and their own discussion forums have thousands of people complaining https://discussions.apple.com/thread/2664670?start=0&tstart=0
Finally, late yesterday whilst speaking to d.ck head number 3 at Apple support, we found a forum post talking about a fix, 10.7.1 update. I told d. head number 3 about the update and he suggested I applied it. So I did and everything looked great, for a whole evening.
This morning, I switched on again and the same thing, slow remote desktop, choppy unusable phone. Remember the phone needs less than 20k for a conversation, thats 0.2 meg. Speedtest again showing a whole meg both ways.
I called apple support again, this time being a little forceful, and I've asked for this to be escalated, but the bottom line is - they have no fix, they don't aknowledge this as a problem and I was told LION is new, so maybe it's got a bug..
I told the guy on the phone this is a network driver issue, the intermittency of the problem shows that and the Apple's lack of settings for the network adapter means the unit is autonegotiating with the router and choosing speed and duplex settings on its own. Sometimes it does that correctly, other times not and the connection although fast has a lot of noise / packet loss / corruption.
I've found a workaround, you put the unit to sleep and wake it up again and it runs fast until the next shutdown. Not really acceptable seeing as I was paying for "the cream of the crop".
I will definately not be recommending Apple products, and i'll certainly not be replacing the Windows laptops in my business with Apple's toytown system- i'd go out of business if I had to rely on this.
All there is left now, is to look at Boot camp and see if I can wipe this waste of space linux hack from the unit and install Windows 7.I started using computers more than 30 years ago when I was 5, I had my first IBM PC at the age of 10 and have never had any interest in paying over the odds for an Apple mac mainly because I saw the Mac as a kind of "Can't open nothing", one mouse buttoned retard of the computer world.
That is, until now.
I set up an online business 3 years ago and rented a dedicated server and set the whole business up in a cloud, so to speak. Having done that, all I needed a laptop for was a remote desktop connection and to run a SIP phone (Internet phone).
My PC based laptops had almost nothing installed on them, and I wasn't using software on the laptop itself, I was using remote desktop, so - why not try a MAC? The new Macbook Air 11 is small, light and made of metal and glass so should be robust enough to travel with me.
I have to say, this was the worst move I've ever made.
I opened the new shiny macbook and the first thing I noticed was that the internet seemed hit and miss. Moving around the room I managed to find a spot whereby pages woud load quickly. Strange, my £200 acer laptop was sh.t fast everywhere in the house. No matter, I packed it back away and carried on working on the Windows machine.
I've come to Newquay this week, and i've started to try and use the Macbook again in a hotel. The wireless signal in the room is low, and speedtest shows about 1 meg down and 3/4 meg up. That may sound bad to you, but remote desktop uses about 5k/sec (modem dial up speed) and the softphone, well, my Asterisk VOIP setup is confugured to use the GSM codec so that's 8k/sec each way + overheads.
This whole setup was deliberately designed to be "thin" so I can travel with ease and work on bad connections like USB internet sticks.
Anyhow, the Macbook was unable to hold a stable connection to the remote desktop or SIP phone, even though the speed test showed a whopping 1 meg up and down. What you may not be aware of is that there is more to a connection than the speed, there is the quality as well. How many packets are lost / how much "jitter" is on the line.
Anyhow, we're not living in the 3rd world, I ran a PINGTEST and it showed a small amount of jitter but told me the line was class B, online games may suffer but voip should be fine.
I unpacked the Acer, placed it in exactly the same spot as the Apple had sat in and it worked beautifully with 1 bar of wireless signal, all day long. Phone calls were clear.
So you know now what I'm thinking. I'm sitting here with my £200 acer because I can't use the £1500 macbook air 11. I paid nearly sixteen hundred pounds for this piece of .... and it doesn't ...... work. Time to contact Apple support.
2nd Mistake!
Representitive 1: - Told me that I can't compare the Macbook Air to the Acer, the Acer has Google Chrome and everybody knows Google Chrome is the fastest browser. I was told there was nothing more he could do, its probably a bad line at the hotel. When I explained the Acer works fine for voip I was told well, maybe it is getting a better signal. I explained the Acer has the cheapest possible parts inside it and paid 1500 for this macbook, expecting it to have quality parts inside and was told I'd paid for the size, because its so small but its not considered "powerful". Apple do you train your staff? Clearly not.
Thank god I wasn't paying to talk to this moron.
Representitive 2: - Had no idea what packet loss or Jitter was, got me to do a speedtest and said that looks fine. Then he got me to remove the WIFI adapter and re add it in the network settings.
Guess what, nothing changed, its still the same hardware and software.
Representitive 3: - Still not really understanding "quality" issues with the networking interface, I was asked to install the latest Java client. I did it, only because I wanted to comply with Apples wishes so they'd help me, but they weren't helping and Java has nothing to do with the network adapter, so that was useless advice too.
Apple seem to have no idea there is a problem, even though Google has pages and pages of people saying the same as me, and their own discussion forums have thousands of people complaining https://discussions.apple.com/thread/2664670?start=0&tstart=0
Finally, late yesterday whilst speaking to d.ck head number 3 at Apple support, we found a forum post talking about a fix, 10.7.1 update. I told d. head number 3 about the update and he suggested I applied it. So I did and everything looked great, for a whole evening.
This morning, I switched on again and the same thing, slow remote desktop, choppy unusable phone. Remember the phone needs less than 20k for a conversation, thats 0.2 meg. Speedtest again showing a whole meg both ways.
I called apple support again, this time being a little forceful, and I've asked for this to be escalated, but the bottom line is - they have no fix, they don't aknowledge this as a problem and I was told LION is new, so maybe it's got a bug..
I told the guy on the phone this is a network driver issue, the intermittency of the problem shows that and the Apple's lack of settings for the network adapter means the unit is autonegotiating with the router and choosing speed and duplex settings on its own. Sometimes it does that correctly, other times not and the connection although fast has a lot of noise / packet loss / corruption.
I've found a workaround, you put the unit to sleep and wake it up again and it runs fast until the next shutdown. Not really acceptable seeing as I was paying for "the cream of the crop".
I will definately not be recommending Apple products, and i'll certainly not be replacing the Windows laptops in my business with Apple's toytown system- i'd go out of business if I had to rely on this.
All there is left now, is to look at Boot camp and see if I can wipe this waste of space linux hack from the unit and install Windows 7. -
VoIP Phones - Testing Latency, Jitter, and Packet Loss
I am having big problems with my VoIP phone connection and I'll try to lay it out clearly here.
The main telephone system resides at Location A (static IP address - see below - xxx.xxx.206.19), which has a network connection of 50MB down/20MB up (i.e., very fast). The VoIP phone configured for that system resides at Location B, which has a network connection of 10MB down/1MB up (i.e., also fast, or at least fast enough "on paper" for a quality VoIP connection). The LAN at Location A uses an Airport Extreme router, which does not have QOS or EF capability. The LAN at Location B uses a D-Link DIR-655 router which does have QOS that is configured properly to direct all traffic to the VoIP phone's IP address.
The VoIP phone at Location B is having intermittent call quality problems with skipping of words, hollowing out noises, jittery conversations, etc. All the inquiries I've made to the ISPs and phone system manufacturer (ESI) suggest that my base Internet speeds are not the problem.
I'm told, instead, that the problem might be latency, jitter, or packet loss between Location A and Location B. This leads to several questions:
(1) Is there any Mac software that can test latency, jitter, and packet loss? I've looked at Network Utility and it seems to only measure a few things.
(2) Does anyone see anything in the following Traceroute and Ping results (done twice from Location B to Location A) that looks problematic to VoIP quality?:
Traceroute:
First run: Traceroute has started…
traceroute to xxx.xxx.206.19 (xxx.xxx.206.19), 64 hops max, 72 byte packets
1 alfirving (192.168.0.1) 0.569 ms 0.363 ms 0.302 ms
2 10.72.28.1 (10.72.28.1) 27.567 ms 18.161 ms 22.288 ms
3 70.125.216.150 (70.125.216.150) 9.841 ms 10.346 ms 9.497 ms
4 24.164.209.116 (24.164.209.116) 11.042 ms 8.298 ms 9.433 ms
5 70.125.216.108 (70.125.216.108) 21.068 ms 20.657 ms 12.045 ms
6 te0-8-0-2.dllatxl3-cr01.texas.rr.com (72.179.205.48) 11.154 ms 11.540 ms 24.495 ms
7 107.14.17.136 (107.14.17.136) 11.994 ms 14.217 ms 15.816 ms
8 ae-3-0.pr0.dfw10.tbone.rr.com (66.109.6.209) 14.566 ms 32.670 ms 15.947 ms
9 ix-0-3-2-0.tcore2.dt8-dallas.as6453.net (209.58.47.105) 11.647 ms 12.260 ms 12.386 ms
10 if-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 10.023 ms 12.285 ms 12.338 ms
11 209.58.47.74 (209.58.47.74) 17.641 ms 16.741 ms 16.372 ms
12 0.ae2.xl3.dfw7.alter.net (152.63.97.57) 11.584 ms 12.315 ms 12.890 ms
13 0.so-6-1-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.90) 13.812 ms
0.ge-3-0-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.17) 18.831 ms
130.81.23.164 (130.81.23.164) 14.189 ms
14 p14-0-0.dllstx-lcr-05.verizon-gni.net (130.81.27.40) 14.561 ms 13.621 ms 15.544 ms
15 * * *
16 static-xxx.xxx.206.19.dllstx.fios.verizon.net (xxx.xxx.206.19) 23.125 ms 24.136 ms 22.411 ms
Second run: Traceroute has started…
traceroute to xxx.xxx.206.19 (xxx.xxx.206.19), 64 hops max, 72 byte packets
1 alfirving (192.168.0.1) 0.603 ms 0.420 ms 0.324 ms
2 10.72.28.1 (10.72.28.1) 40.494 ms 26.625 ms 14.152 ms
3 70.125.216.150 (70.125.216.150) 9.431 ms 9.660 ms 9.018 ms
4 24.164.209.116 (24.164.209.116) 16.293 ms 12.339 ms 19.252 ms
5 70.125.216.108 (70.125.216.108) 15.801 ms 11.438 ms 12.068 ms
6 te0-8-0-2.dllatxl3-cr01.texas.rr.com (72.179.205.48) 23.221 ms 30.459 ms 17.519 ms
7 107.14.17.136 (107.14.17.136) 14.611 ms 15.696 ms 15.775 ms
8 ae-3-0.pr0.dfw10.tbone.rr.com (66.109.6.209) 17.643 ms 14.812 ms 16.294 ms
9 ix-0-3-2-0.tcore2.dt8-dallas.as6453.net (209.58.47.105) 11.169 ms 12.374 ms 9.849 ms
10 if-2-2.tcore1.dt8-dallas.as6453.net (66.110.56.5) 16.453 ms 12.168 ms 12.384 ms
11 209.58.47.74 (209.58.47.74) 18.015 ms 14.867 ms 16.432 ms
12 0.ae2.xl3.dfw7.alter.net (152.63.97.57) 11.471 ms 11.993 ms 12.395 ms
13 0.ge-6-3-0.dfw01-bb-rtr1.verizon-gni.net (152.63.96.42) 14.077 ms 29.153 ms
0.ge-3-0-0.dfw01-bb-rtr1.verizon-gni.net (152.63.1.17) 17.962 ms
14 p14-0-0.dllstx-lcr-05.verizon-gni.net (130.81.27.40) 14.629 ms 12.297 ms 12.839 ms
15 * * *
16 static-xxx.xxx.206.19.dllstx.fios.verizon.net (xxx.xxx.206.19) 24.976 ms 22.170 ms 22.376 ms
Ping:
First Run: Ping has started…
PING xxx.xxx.206.19 (xxx.xxx.206.19): 56 data bytes
64 bytes from xxx.xxx.206.19: icmp_seq=0 ttl=242 time=22.814 ms
64 bytes from xxx.xxx.206.19: icmp_seq=1 ttl=242 time=24.621 ms
64 bytes from xxx.xxx.206.19: icmp_seq=2 ttl=242 time=24.711 ms
64 bytes from xxx.xxx.206.19: icmp_seq=3 ttl=242 time=24.109 ms
64 bytes from xxx.xxx.206.19: icmp_seq=4 ttl=242 time=23.336 ms
64 bytes from xxx.xxx.206.19: icmp_seq=5 ttl=242 time=25.644 ms
64 bytes from xxx.xxx.206.19: icmp_seq=6 ttl=242 time=27.755 ms
64 bytes from xxx.xxx.206.19: icmp_seq=7 ttl=242 time=25.135 ms
64 bytes from xxx.xxx.206.19: icmp_seq=8 ttl=242 time=22.443 ms
64 bytes from xxx.xxx.206.19: icmp_seq=9 ttl=242 time=24.635 ms
--- xxx.xxx.206.19 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 22.443/24.520/27.755/1.448 ms
Second Run: Ping has started…
PING xxx.xxx.206.19 (xxx.xxx.206.19): 56 data bytes
64 bytes from xxx.xxx.206.19: icmp_seq=0 ttl=242 time=27.183 ms
64 bytes from xxx.xxx.206.19: icmp_seq=1 ttl=242 time=24.629 ms
64 bytes from xxx.xxx.206.19: icmp_seq=2 ttl=242 time=22.511 ms
64 bytes from xxx.xxx.206.19: icmp_seq=3 ttl=242 time=39.620 ms
64 bytes from xxx.xxx.206.19: icmp_seq=4 ttl=242 time=26.722 ms
64 bytes from xxx.xxx.206.19: icmp_seq=5 ttl=242 time=23.183 ms
64 bytes from xxx.xxx.206.19: icmp_seq=6 ttl=242 time=25.171 ms
64 bytes from xxx.xxx.206.19: icmp_seq=7 ttl=242 time=24.412 ms
64 bytes from xxx.xxx.206.19: icmp_seq=8 ttl=242 time=23.837 ms
64 bytes from xxx.xxx.206.19: icmp_seq=9 ttl=242 time=23.785 ms
--- xxx.xxx.206.19 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 22.511/26.105/39.620/4.713 ms
(3) Any other ideas on what my call quality problem might be, or how I can tweak it? For example, would putting a DIR-655 router at Location A and enabling QOS really make a difference?
Thanks to everyone, and I hope this is not too long or difficult to understand.Hey thanks for your reply Yeah im only getting 1 ro sometimes 2 bars reception so hopefully the antenna will beef things up but I think it is what it is perhaps.
-
CUCM Security - Are Jitter, Latency and Packet Loss Stats in Clear Text ?
I've reviewed the Cisco Unified Communications Manager Security Guide and see no suggestion that implementing encryption prevents MoS scoring. In other words, when you implement encryption, do you still have access to jitter, latency and packet loss information in clear text?
TIA,
AmirWell.. the phones measure the statistics.
The phones then report the stats to CUCM for inclusion in the CMRs.
... as I recall this is done via SCCP.
So yes, it's clear text, unless your signalling is encrypted generally. On most clusters it's not.
Aaron -
Hello
I would like to track icmp jitter for end host. I verified in documentation that it can be any host as a destination. But i got error on this operation:
Latest RTT: NoConnection/Busy/Timeout
I verified that there is no firewall between the source and destination and icmp timestamp request works when done manually:
r01#ping
Protocol [ip]:
Target IP address: 10.23.33.6
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: Timestamp
Number of timestamps [ 9 ]:
Loose, Strict, Record, Timestamp, Verbose[TV]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.33.6, timeout is 2 seconds:
Packet has IP options: Total option bytes= 40, padded length=40
Timestamp: Type 0. Overflows: 0 length 40, ptr 5
>>Current pointer<<
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Time= 01:00:00.000 CET (00000000)
Reply to request 0 (4 ms). Received packet has no options
Reply to request 1 (4 ms). Received packet has no options
Reply to request 2 (1 ms). Received packet has no options
Reply to request 3 (1 ms). Received packet has no options
Reply to request 4 (1 ms). Received packet has no options
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r01#sh ip sla statistics 196
IPSLAs Latest Operation Statistics
IPSLA operation id: 196
Type of operation: icmp-jitter
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 12:45:21.019 CET Fri Nov 21 2014
Latest operation return code: Timeout
RTT Values:
Number Of RTT: 0 RTT Min/Avg/Max: 0/0/0
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0
Destination to Source Latency one way Min/Avg/Max: 0/0/0
Jitter Time:
Number of SD Jitter Samples: 0
Number of DS Jitter Samples: 0
Source to Destination Jitter Min/Avg/Max: 0/0/0
Destination to Source Jitter Min/Avg/Max: 0/0/0
Packet Late Arrival: 0
Out Of Sequence: 0
Source to Destination: 0 Destination to Source 0
In both Directions: 0
Packet Skipped: 0 Packet Unprocessed: 0
Packet Loss: 0
Loss Period Length Min/Max: 0/0
Number of successes: 0
Number of failures: 34
ip sla 197
icmp-jitter 10.23.33.6
frequency 30
ip sla schedule 197 life forever start-time now
Nov 21 12:57:43: IP SLAs(197) Scheduler: saaSchedulerEventWakeup
Nov 21 12:57:43: IP SLAs(197) Scheduler: Starting an operation
Nov 21 12:57:43: IP SLAs(197) icmpjitter operation: Starting icmpjitter operation
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) Scheduler: Updating result
Nov 21 12:57:49: IP SLAs(197) Scheduler: start wakeup timer, delay = 24796
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Nov 21 12:57:49: IP SLAs(197) icmpjitter operation: Timeout
Any help would be appreciated.Hi Jorge
According to Cisco documentation icmp-jitter should work on any IP Device.
I have a similar issue.
1. I can run icmp-jitter successfully to non cisco routers
2. it fails to run to a generic ip device.
Imran -
EEM- Email alert with IP SLA Based on Packet Loss
hi joseph,
i need your advise, i want to get alert email based on IP SLA Packet loss
the scenarion as below :
1. If the traffic hit threshold packet loss greater than 20% as long 15 minutes --> send email
2. If reset condition packet loss eq 0% as long 15 minutes --> send email again
I don't know how to configure it condition. could you help me to verify my configuration below?
ip sla logging traps
ip sla 1
icmp-jitter 10.216.0.105 source-ip 10.216.0.107 num-packets 100 interval 40
frequency 50
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react Packetloss threshold-value 3 1 threshold-type immediate action-type trapOnly
ip sla enable reaction-alerts
event manager applet TEST
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 2.0 mail server "10.240.0.10" to "[email protected]" from "[email protected]" subject "Alert for Intermittent Link" body "link intermittent in x %"
thank youWhat's you have could work with a few modifications. First, increase that threshold-value of 3 to 20. You can leave the falling threshold value of 1. You'll need to add another applet to match the falling threshold syslog message. Not sure exactly what that one will look like.
The first applet will look like this:
event manager environment q "
event manager applet ipsla-threshold-exceeded
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 001 cli command "enable"
action 002 cli command "config t"
action 003 cli command "no event manager applet ipsla-healthy"
action 004 cli command "event manager applet ipsla-unhealthy"
action 005 cli command "event timer countdown time 900"
action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Alert for Intermittent Link$q body $q link intermittent in 20 %$q"
action 007 cli command "action 2.0 cli command enable"
action 008 cli command "action 3.0 cli command $q config t$q"
action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-unhealthy$q"
action 010 cli command "action 5.0 cli command end"
action 011 cli command "end"
And the second applet (the one where you'll need to fill in the appropriate syslog pattern) will look like:
event manager applet ipsla-threshold-normal
event syslog pattern "FALLING THRESHOLD PATTERN HERE"
action 001 cli command "enable"
action 002 cli command "config t"
action 003 cli command "no event manager applet ipsla-unhealthy"
action 004 cli command "event manager applet ipsla-healthy"
action 005 cli command "event timer countdown time 900"
action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Link is stable$q body $q Link has been stable for 15 minutes$q"
action 007 cli command "action 2.0 cli command enable"
action 008 cli command "action 3.0 cli command $q config t$q"
action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-healthy$q"
action 010 cli command "action 5.0 cli command end"
action 011 cli command "end" -
Percantage of packet loss on link
I am working with Cisco routers and i need somehow to find out packet loss percentage for each link (actual). I was trying to use ICMP Jitter IP SLA operation, which unfortunately returns only the number of dropped packets. So i need to get via SNMP the number of transferred packets on line to calculate the percentage. Which OID should i use to obtain this information?
Be careful, by definition a 10 Mbit half-duplex connection is equivalent to a single T1 of bandwidth, nothing even close to 6 Mbit of bandwidth. If you are running QoS (assuming CBWFQ and LLQ), based on a shaped parent policy equal to 6 Mbit you will definitely oversubscribe the 10 Mbit half-duplex connections by a significant margin.
The reason for this is that a T1 is 1.536 Mbit full-duplex (over 3 Mbit of bandwidth). A 10 Mbit half-duplex connection maxes out of usable bandwidth at about 30% utilization, with almost 100% packet loss (due to excessive collisions) at 40% utilization. As you can see, 40% utilization on a half-duplex 10 Mbit connection is equal to about 4 Mbit of bandwidth and a single T1 is over 3 Mbit of bandwidth. Again, not anywhere close to 6 Mbit of bandwidth.
Assuming you are shaping at 6 Mbit with a child CBWFQ and LLQ policy (you are shaping, right?), you will not be able to guarantee that rate of bandwidth which will crush your audio/video call.
Let me know if you have any questions/comments... -
Packet loss higher than 100% in SQL Reporting
One of our customers is having network problems and packet loss in their network - according to Lync. The network guys claim these values are unrealistic and there've been no dropped packets on their WAN network.
On the other side, I'm looking at a Call Details Report from Lync SQL Reporting and see this in the gateway leg information:
Audio Stream (Caller -> Callee)
Codec:
PCMU
Sample rate:
8000
Packet utilization:
285
Avg. packet loss rate:
51.20%
Max. packet loss rate:
79.52%
Avg. jitter:
0 ms
Max. jitter:
0 ms
Burst duration:
5980 ms
Burst gap duration:
1890 ms
Burst density:
100.00%
Burst gap density:
0.00%
Avg. concealed samples ratio:
60.00%
Avg. stretched samples ratio:
0.00%
Avg. compressed samples ratio:
0.00%
Avg. network MOS:
1.50
Min. network MOS:
1.50
Avg. network MOS degradation:
2.21
Max. network MOS degradation:
2.21
NMOS degradation (jitter):
0.00%
NMOS degradation (packet loss):
100.00%
Audio Stream (Callee -> Caller)
Codec:
PCMU
Sample rate:
8000
Audio FEC:
False
Bandwidth estimates:
Packet utilization:
146
Avg. packet loss rate:
900.00%
Max. packet loss rate:
900.00%
Avg. jitter:
1540 ms
Max. jitter:
4406 ms
Avg. round trip:
178 ms
Max. round trip:
179 ms
From this I feel there are things to troubleshoot. :-) but how come that Lync reports a 900% packet loss?
I thought that a 100% packet loss was everything... can someone tell me what exactly are these 100+ percentages?
Thanks in advance.latest patch level :) are you not seeing these values in your Server Performance reports?
The other thing that bugs me is when you have 1 call for 1 second with "900% loss", that would average down to get red values in the summary columns for the other 100 calls as well, as the calls are not counted for seconds, but just piece by piece.
So 8 perfect calls to this one above would average "100% packet loss per call" in the summary, which is just unusable... -
SLA ICMP-Jitter Operation problems
I'm trying to guage network performance using the UDP-jitter and ICMP-jitter operations for a specific network segment. We have a voice encoders that stream the audio over IP using UDP across the network. The issue we are experiencing is out-of-sequence packets; these packets show up as artefacts on the receiving end audio output. I understand that UDP is a connectionless protocol that doesn't provide any mechanism for sequencing. This is where teh SLA monitors come in.
I'm seeing statistics across the monitors that are inconsistent with each other. They aren't off just a little from each other; they are off quite a bit. The UDP-jitter operation (40006) isn't reporting any out-of-sequence packets (I can only see the last two hours, so I just changed the history to 24 hours). Operations 40001 and 40002 (ICMP-jitter) seem to report no packets as out-of-sequence or all packets as out-of-sequence. Operation 40002 is reporting around 50% packet loss. This is a false report. Operation 40006 is reporting 0% packet loss and the CODECs would be unusable if this were the case. Operations 50001 and 50002 were just configured so I don't have much history on them. Operation 50001 seems to be running clean, but 50002 has a lot of unprocessed packets.
You may have noticed that the operations that traverse the satellite link have a TOS of 172 (DSCP 43). This is done to ensure the the SLA monitor doesn't step on the CODEC traffic (DSCP EF, which is assigned to the LLQ). That's not to say that the traffic isn't prioritized; it is guaranteed bandwidth across the link. Also, there is no congestion on the network. I have also checked QoS policy-maps and there are no drops for the assoiciated queues. The circuits are up and stable. One circuit is a little dirty, but it the error rate is pretty low 0.003%.
So, my question is two part:
1. Why am I recieving out-of-sequence packets?
2. Has anyone else had this problem or a similar problem with the ICMP-jitter operation?
I have included a basic diagram and the statistics I have been able to collect thus far.Hi Jorge
According to Cisco documentation icmp-jitter should work on any IP Device.
I have a similar issue.
1. I can run icmp-jitter successfully to non cisco routers
2. it fails to run to a generic ip device.
Imran -
Hi everyone,
CRS1 IOS-XR 3.8 when i try to ping packet option and got packet loss as below and don't sure that XR limit for ping or not?
RP/0/RP0/CPU0:#ping 10.0.0.1 size 3000 count 1000 (ping to outside switch 3750)
Mon Oct 8 10:12:34.582 THAI
Type escape sequence to abort.
Sending 1000, 3000-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
if i user size 1500 don't have packet losss.
Can anyone explanation to me?
Thanks alot.
Kodos.Hello,
Above result is PING from CRS-1 to another switch, we try to vary packet size and found that if its size greather than 2800 then we always get 4 packets loss from 1000.
Can you please advice?
Thanks,
Rojarek -
Hi guys,
Our customer has a WAN network (DCoS) and has voice protected across it. I work for an integrator assisting the customer with their CPE routers end-to-end. Essentially CPE routers extend PSTN lines end-to-end over voice-ports and voip call legs between locations. On CPE routers we're seeing voice traffic being marked/matched end-to-end. We're pretty sure that the ISP is somehow shaping/causing delays on the voice traffic interstate but now we're trying to gather some evidence.
To help isolate, test and provide evidence we were planning on using UDP-Jitter in IP SLA. I've been trying to get this enabled on live routers without success due to the reason "No connection" in the initiators show output. An example of the "show ip sla statistics" on a production device is shown below:
SITE-1#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 100
Type of operation: udp-jitter
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 17:26:47 BNE Mon Jul 2 2012
Latest operation return code: No connection
RTT Values:
Number Of RTT: 0 RTT Min/Avg/Max: 0/0/0 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
Number of SD Jitter Samples: 0
Number of DS Jitter Samples: 0
Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds
Packet Loss Values:
Loss Source to Destination: 0
Source to Destination Loss Periods Number: 0
Source to Destination Loss Period Length Min/Max: 0/0
Source to Destination Inter Loss Period Length Min/Max: 0/0
Loss Destination to Source: 0
Destination to Source Loss Periods Number: 0
Destination to Source Loss Period Length Min/Max: 0/0
Destination to Source Inter Loss Period Length Min/Max: 0/0
Out Of Sequence: 0 Tail Drop: 0
Packet Late Arrival: 0 Packet Skipped: 0
Voice Score Values:
Calculated Planning Impairment Factor (ICPIF): 0
Mean Opinion Score (MOS): 0
Number of successes: 0
Number of failures: 1
Operation time to live: Forever
Number of failures continues to increase every 30 seconds or so. The configuration of SITE-1 is as follows:
SITE-1#show run | sec ip sla
ip sla 100
udp-jitter 10.2.2.2 16584 source-ip 10.1.1.1 source-port 16384
tos 30
owner NetFlow
timeout 60000
ip sla schedule 100 life forever start-time now
The configuration of SITE-2 (IP SLA Responder) is as follows:
SITE-2#show run | sec ip sla
ip sla responder
For the sake of privacy I've adjusted the IPs above as well as the router hostnames. The 10.2.2.2 IP lives on SITE-2's router and 10.1.1.1 lives on SITE-1's router.
If I do the above in GNS it works perfectly so I think something else is going on here. Either I've got a bug (doubt it) or something is preventing the UDP from connecting/responding for the IP SLA. Frustratingly, if I do a "show ip sla responder" on the SITE-2 router... it says it received the packets normally without error:
SITE-2#show ip sla responder
General IP SLA Responder on Control port 1967
General IP SLA Responder is: Enabled
Number of control message received: 123 Number of errors: 0
Recent sources:
10.1.1.1 [18:06:35.989 BNE Mon Jul 2 2012]
10.1.1.1 [18:06:30.989 BNE Mon Jul 2 2012]
10.1.1.1 [18:06:25.989 BNE Mon Jul 2 2012]
10.1.1.1 [18:05:35.989 BNE Mon Jul 2 2012]
10.1.1.1 [18:05:30.989 BNE Mon Jul 2 2012]
Recent error sources:
Permanent Port IP SLA Responder
Permanent Port IP SLA Responder is: Enabled
udpEcho Responder:
IP Address Port
If I enable trace debug ("debug ip sla trace") on SITE-1's router I get the following...
Jul 2 08:13:25.993: IPSLA-INFRA_TRACE:OPER:100 slaSchedulerEventWakeup
Jul 2 08:13:25.993: IPSLA-INFRA_TRACE:OPER:100 Starting an operation
Jul 2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 Starting jitter operation
Jul 2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=116, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
Jul 2 08:13:25.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
Jul 2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 Timeout
Jul 2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=117, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
Jul 2 08:13:30.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
Jul 2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 Timeout
Jul 2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 Ctrl msg: id=118, type=1, len=52, dest_ip=10.2.2.2, enablePort=16584, duration=60200
Jul 2 08:13:35.993: IPSLA-OPER_TRACE:OPER:100 table_id=0, topo_id=65535
Jul 2 08:13:40.993: IPSLA-OPER_TRACE:OPER:100 Timeout
Jul 2 08:13:40.993: IPSLA-OPER_TRACE:OPER:100 No connection
Jul 2 08:13:40.993: IPSLA-INFRA_TRACE:OPER:100 Updating resultChecked the ports and found I am using different ones on each VoIP gateway. I just added a new operation with a totally unique port that I know is not in use on the source or destination and it still failed:
voipgw02(config)#ip sla 4033
voipgw02(config-ip-sla)# udp-jitter 10.205.50.5 17333 source-ip 10.225.50.5 codec g711ulaw codec-numpackets 100
voipgw02(config-ip-sla-jitter)# tos 184
voipgw02(config-ip-sla-jitter)# timeout 18000
voipgw02(config-ip-sla-jitter)# threshold 1000
voipgw02(config-ip-sla-jitter)# frequency 30
voipgw02(config-ip-sla-jitter)#ip sla schedule 4033 life forever start-time now ageout 3600
voipgw02#sh ip sla stat
IPSLAs Latest Operation Statistics
IPSLA operation id: 4033
Type of operation: udp-jitter
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 21:47:43 EDT Mon Sep 3 2012
Latest operation return code: No connection
RTT Values:
Number Of RTT: 0 RTT Min/Avg/Max: 0/0/0 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
Number of SD Jitter Samples: 0
Number of DS Jitter Samples: 0
Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds
Packet Loss Values:
Loss Source to Destination: 0
Source to Destination Loss Periods Number: 0
Source to Destination Loss Period Length Min/Max: 0/0
Source to Destination Inter Loss Period Length Min/Max: 0/0
Loss Destination to Source: 0
Destination to Source Loss Periods Number: 0
Destination to Source Loss Period Length Min/Max: 0/0
Destination to Source Inter Loss Period Length Min/Max: 0/0
Out Of Sequence: 0 Tail Drop: 0
Packet Late Arrival: 0 Packet Skipped: 0
Voice Score Values:
Calculated Planning Impairment Factor (ICPIF): 0
Mean Opinion Score (MOS): 0
Number of successes: 0
Number of failures: 1
Operation time to live: Forever
Do you know if there are any licensing issues?
barvoipgw02#show ip sla appl
IP Service Level Agreements
Version: Round Trip Time MIB 2.2.0, Infrastructure Engine-III
Supported Operation Types:
icmpEcho, path-echo, path-jitter, udpEcho, tcpConnect, http
dns, udpJitter, dhcp, ftp, VoIP, rtp, icmpJitter
802.1agEcho VLAN, Port, 802.1agJitter VLAN, Port, udpApp
wspApp
Supported Features:
IPSLAs Event Publisher
IP SLAs low memory water mark: 63126085
Estimated system max number of entries: 46234
Estimated number of configurable operations: 39313
Number of Entries configured : 3
Number of active Entries : 3
Number of pending Entries : 0
Number of inactive Entries : 0
Time of last change in whole IP SLAs: .21:47:43.954 EDT Mon Sep 3 2012 -
Wrong direction of Packet loss
Recently,I capture some RTP packets when user meeting the dialogue jitter and latency.
User A using the 3951 ip phone (IP address is x.x.125.206, and x.x.200.165 is the voice gateway's ip address ) , and user B using a mobile phone.
User A responds to me that she can't hear user B clearly.
This reflect to packets capture result should be packet lost at the in direction.
But the capture result show that packets loss happen at the out direction.
Could any body explain it for me?
Thanks a lot!Probably you have captured RTP traffic near the voice gateway. Right?
I suppose that you have bidirectional packet loss.
In this case, if you use wireshark near one of the sources you can observe only one direction loss.
You must try to use wireshark in both network segments.
P.S. in the bottom of the your image we can see ip addresses of your net.
Regards. -
Packet Loss after Reboot of ASA 5510
Hi all,
I have an ASA and a 2811 behind it and I had to replace a battery on a UPS so I had to take down the network to do it. Before doing it the network ran fine, but I did a WR MEM and a Copy RUNNING to STARTUP config thinking that the configs I had were fine. At some point in the past I must of made a change and never applied it and maybe it is causing the issue, but I am at a loss as to what is the cause. I am getting consistent packet loss from the ASA out. Any address I ping on the inside is clear and quick. Also, I do not know if it is related, but I cannot get results from TRACE ROUTES and I believe I used to.
I have confirmed the PL is related to my network, if I plug the static IP info from the provider in to a laptop, it is clear. I am at my wits end, and I know just enough to be dangerous, so any help would be appreciated.
Here are my configs:
ASA5510# sh run
: Saved
ASA Version 9.1(4)
hostname ASA5510
domain-name m.int
enable password encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd encrypted
names
dns-guard
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Ethernet0/1
description WAN Interface
nameif Outside
security-level 0
ip address 68.233.x.x 255.255.255.128
interface Ethernet0/2
description DMZ
nameif DMZ
security-level 100
ip address 10.10.0.1 255.255.255.252
interface Ethernet0/3
description VOIP
nameif VOIP
security-level 100
ip address 10.10.2.1 255.255.255.252
interface Management0/0
management-only
shutdown
nameif management
security-level 0
no ip address
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Inside
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
name-server 68.233.xx.5
name-server 68.233.xx.6
domain-name m.int
same-security-traffic permit inter-interface
object network ROUTER-2811
host 10.10.1.2
object network ROUTER-2821
host 10.10.0.2
object network WEBCAM-01
host 192.168.1.5
object network DNS-SERVER
host 192.168.1.2
object network ROUTER-3745
host 10.10.2.2
object network RDP-DC1
host 192.168.1.2
object network BLUE
host 192.168.1.6
description Blue Iris Server
object network M_LAP_LEA
host 192.168.1.20
description Laptop from LEA
object-group network PAT-SOURCE
network-object 10.10.1.0 255.255.255.252
network-object 10.10.0.0 255.255.255.252
network-object 10.10.2.0 255.255.255.252
network-object 192.168.0.0 255.255.255.0
network-object 172.16.10.0 255.255.255.0
network-object 172.16.20.0 255.255.255.0
network-object 128.162.1.0 255.255.255.0
network-object 128.162.10.0 255.255.255.0
network-object 128.162.20.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
network-object 172.16.1.0 255.255.255.0
network-object 162.128.1.0 255.255.255.0
network-object 162.128.10.0 255.255.255.0
network-object 162.128.20.0 255.255.255.0
network-object 142.16.1.0 255.255.255.0
network-object 142.16.10.0 255.255.255.0
network-object 142.16.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object host 98.22.xxx
object-group network Outside_access_in
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object gre
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2811 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2821 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.xxx interface Outside eq https
access-list Outside_access_in extended permit tcp host 98.22.xxx object WEBCAM-01 eq www inactive
access-list Outside_access_in extended permit tcp host 98.22.xxx object RDP-DC1 eq xxxx
access-list Outside_access_in extended permit tcp host 98.22.xxx object BLUE eq xxxx
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-3745 eq ssh
access-list Outside_access_in extended permit tcp any object BLUE eq xxxx
access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
access-list dmz-access remark Permit ICMP to all devices in DC
access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access remark Permit ICMP to all devices in DC
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu DMZ 1500
mtu VOIP 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Outside
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network ROUTER-2811
nat (Inside,Outside) static interface service tcp ssh x
object network ROUTER-2821
nat (DMZ,Outside) static interface service tcp ssh x
object network WEBCAM-01
nat (Inside,Outside) static interface service tcp www x
object network ROUTER-3745
nat (VOIP,Outside) static interface service tcp ssh x
object network RDP-DC1
nat (Inside,Outside) static interface service tcp xxxx xxxx
object network BLUE
nat (Inside,Outside) static interface service tcp xxxx xxxx
nat (any,Outside) after-auto source dynamic any interface
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 68.233.151.1 1
route DMZ 128.162.1.0 255.255.255.0 10.10.0.2 1
route DMZ 128.162.10.0 255.255.255.0 10.10.0.2 1
route DMZ 128.162.20.0 255.255.255.0 10.10.0.2 1
route VOIP 142.16.1.0 255.255.255.0 10.10.2.2 1
route VOIP 142.16.10.0 255.255.255.0 10.10.2.2 1
route VOIP 142.16.20.0 255.255.255.0 10.10.2.2 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.10.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.20.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PNL-RADIUS protocol radius
aaa-server PNL-RADIUS (Inside) host 192.168.1.2
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
http 98.22.xxx 255.255.255.255 Outside
snmp-server host Inside 192.168.1.2 community ***** version 2c udp-port 161
snmp-server location Lovington NM USA
snmp-server contact Mitchell Tuckness
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh 98.22.xxx 255.255.255.255 Outside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 24.56.178.140 source Outside prefer
username xxxx password x encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
inspect pptp
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
password encryption aes
hpm topN enable
Cryptochecksum:949189d67866f6c09450769d41649992
: end
C2811#sh run
Building configuration...
Current configuration : 3925 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname C2811
boot-start-marker
boot system flash
boot-end-marker
enable secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
aaa new-model
aaa session-id common
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip domain name maladomini.int
ip name-server 192.168.1.2
ip name-server 8.8.8.8
ip name-server 68.233.xxx.x
ip name-server 68.233.xxx.x
no vlan accounting input
multilink bundle-name authenticated
password encryption aes
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1290569776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1290569776
revocation-check none
rsakeypair TP-self-signed-1290569776
crypto pki certificate chain TP-self-signed-1290569776
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323930 35363937 3736301E 170D3134 30313035 30363130
33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32393035
36393737 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B18F F63C5121 00785DE0 854601BA EE77DAA3 21286D8C 6E700C37 237CC1BE
611023AF FBE04BBE 7B4B3233 E4E129DD A74604E5 62AA39BF 77F98D5D D63944E9
2345AE37 D93C5753 E425E85A EB22C2C9 CFC5D1A0 F800449B 0419A5C8 A0A101EC
02928172 7B30A609 71ADA3D4 68F4F484 AF2B3249 0E225DB2 C72C136A E670D761
DDE30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1461F6DE 8EF50F7B 0E46359F 421EA106 9375F65F 30301D06
03551D0E 04160414 61F6DE8E F50F7B0E 46359F42 1EA10693 75F65F30 300D0609
2A864886 F70D0101 05050003 81810049 BA55F695 8525265F ED2D77EE 8706BF10
63A7E644 202F6663 9EA5551F 47F7FC50 D4021EDD E3DC5A80 39FD161A C337D20D
71B98875 0F1FE887 649E81D3 F93F7A1B A1E18B99 A77B1A59 84DB4711 867913FD
044084FB 651ECA6E C6EDF35C E43A2946 8C01781E 26DB9484 C8740A82 4A7CA266
A0655526 CBCB4982 F30D68E9 D70753
quit
license udi pid CISCO2811 sn FTX1041A07T
username admin secret 5 $1$iBeC$8dqYMcpTex8gtUfannzox.
username xxxx privilege 15 secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
redundancy
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
interface FastEthernet0/0
description CONNECTION TO INSIDE INT. OF ASA
ip address 10.10.1.2 255.255.255.252
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1.1
description VLAN 10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface FastEthernet0/1.2
description VLAN 20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface FastEthernet0/1.3
description Trunk Interface VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface Dialer0
no ip address
ip default-gateway 10.10.1.1
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip dns server
ip route 0.0.0.0 0.0.0.0 10.10.1.1
ip ospf name-lookup
access-list 1 permit any
dialer-list 1 protocol ip permit
snmp-server community Maladomini-RW RW
tftp-server system:running-config 1
control-plane
line con 0
exec-timeout 0 0
password 7 101D58415D361606050A147A
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 0527031B2C49470758
transport input ssh
scheduler allocate 20000 1000
end
2821:
C2821#sh run
Building configuration...
Current configuration : 4128 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname C2821
boot-start-marker
boot system flash
boot-end-marker
enable secret 4 x
aaa new-model
aaa session-id common
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip domain name maladomini.int
ip name-server 192.168.1.2
ip name-server 8.8.8.8
ip name-server 68.233.xxx.x
ip name-server 68.233.xxx.x
no vlan accounting input
multilink bundle-name authenticated
password encryption aes
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3335929422
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3335929422
revocation-check none
rsakeypair TP-self-signed-3335929422
crypto pki certificate chain TP-self-signed-3335929422
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333335 39323934 3232301E 170D3134 30313135 30333537
32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33333539
32393432 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AF6D 8C23745E 80AA83AC BE0243DD C8F8EC56 85BBE495 EF790354 B7E81921
4C46CE35 F840420A 8385D3E3 B7B14EDF F4A8DB51 1A29E0ED A2704F69 9632ED7E
5F66E546 486B2821 FB77266F 950D351E 13AA18FE 687643F6 FB9BF95F E56A0195
19B8A7B6 7A582357 2517F08E 5E3BA197 2CD71E3E 32AB4B96 412E9AE3 1932A218
7A1F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14A86115 C2CA9E15 399B2A9C 21585323 1E2F3D98 45301D06
03551D0E 04160414 A86115C2 CA9E1539 9B2A9C21 5853231E 2F3D9845 300D0609
2A864886 F70D0101 05050003 81810028 81D8F701 D6AFDC54 94A93185 1E5F4DAC
4DBF50B7 30B57ABD D1612E69 D964B77A A379F55C 7E823F42 4D01440C B237DED9
6B8047B7 0496D8BB BD7EAC18 E6ACA1B1 3B527172 4A7B0D7B 4A031168 F99B171D
D217CB06 2F31E4DF FD9AC1C9 1199869A 34E90671 5611A6DA 7CC6A7B0 A39F78FB
B3932E37 4B302779 E761DB00 AFA7CC
quit
license udi pid CISCO2821 sn FTX1327AH7A
username x privilege 15 secret 4 x
redundancy
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
interface GigabitEthernet0/0
description CONNECTION TO INSIDE INT. OF ASA
ip address 10.10.0.2 255.255.255.252
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1.1
description VLAN 10
encapsulation dot1Q 10
ip address 128.162.10.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface GigabitEthernet0/1.2
description VLAN 20
encapsulation dot1Q 20
ip address 128.162.20.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface GigabitEthernet0/1.3
description Trunk Interface VLAN1
encapsulation dot1Q 1 native
ip address 128.162.1.1 255.255.255.0
ip helper-address 192.168.1.2
ip virtual-reassembly in
interface Serial0/0/0
no ip address
shutdown
interface Serial0/1/0
no ip address
shutdown
interface Serial0/2/0
no ip address
shutdown
interface Dialer0
no ip address
ip default-gateway 10.10.0.1
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip dns server
ip route 0.0.0.0 0.0.0.0 10.10.0.1
ip ospf name-lookup
access-list 1 permit any
dialer-list 1 protocol ip permit
snmp-server community Maladomini-RW RW
snmp-server host 192.168.1.2 version 2c Maladomini-RW envmon cpu snmp
control-plane
line con 0
exec-timeout 0 0
password 7 101D58415D361606050A147A
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 15415A545C0B2F29213D0B73
transport input ssh
scheduler allocate 20000 1000
end
POE Switch:
C3560#sh run
Building configuration...
Current configuration : 7368 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname C3560
boot-start-marker
boot-end-marker
enable secret 5 $1$wzS5$Kl0aHmGjOrfNL8H8QN9gJ1
enable password 7 091F1F514124131F02023A7B
username mtuckness privilege 15 secret 5 $1$j68Z$ObA6K7Qc2Vsmyu479Hlh6/
aaa new-model
aaa session-id common
clock timezone MST -7
system mtu routing 1500
ip domain-name maladomini.int
password encryption aes
crypto pki trustpoint TP-self-signed-2488747392
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488747392
revocation-check none
rsakeypair TP-self-signed-2488747392
crypto pki certificate chain TP-self-signed-2488747392
certificate self-signed 01
3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343838 37343733 3932301E 170D3933 30333031 30303031
30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383837
34373339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B715 1CCA0EFB 6D550F27 A4B9F403 7D1CBCCE AB363F89 61AF4773 64351010
AB866AA6 411463BC A7D9C6E3 0CA4EEEC 47C50D33 2F904AD1 8FC5B10B 8F204157
FB5B3A4C 78BD4BDF 14F79CCC D9A0E10B 909BF5BA 095BB9AC 722197D4 3C2CB70B
15D2A221 5FF8BC03 6A642B36 437B9E22 858BF597 F1844026 5DAF2114 EF75718D
EC3B0203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
551D1104 18301682 14433335 36302E6D 616C6164 6F6D696E 692E696E 74301F06
03551D23 04183016 8014D364 9162E0D2 C7936513 1E1C677C 73D675EC 37FF301D
0603551D 0E041604 14D36491 62E0D2C7 9365131E 1C677C73 D675EC37 FF300D06
092A8648 86F70D01 01040500 03818100 2DE49969 2E9C7A81 E96B97A8 7E15BC69
2DA62233 C958092D 2E51DD59 526DA795 CBFE219E 3536852A 5F71A90A BF5016E0
F93FA6F7 55D9BA23 52A2858E B927E0FB B3DC6B20 28FBD64C 6FA956EC 3E6E8756
F12F7182 538D13AE E343674E 41A1BDE1 A42579F2 8070FC92 5C805995 7BA25FA5
3A89C4E5 C6B2D76F FF2C1CF9 6A8DF631
quit
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
interface FastEthernet0/1
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport mode access
spanning-tree portfast
Removed interfaces
interface GigabitEthernet0/1
description CONNECTION TO 2821 ROUTER - TRUNK
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20
switchport mode trunk
interface GigabitEthernet0/2
interface GigabitEthernet0/3
interface GigabitEthernet0/4
interface Vlan1
ip address 128.162.1.3 255.255.255.0
ip helper-address 192.168.1.2
no ip route-cache
no ip mroute-cache
interface Vlan10
ip address 128.162.10.3 255.255.255.0
ip helper-address 192.168.1.2
interface Vlan20
ip address 128.192.20.3 255.255.255.0
ip helper-address 192.168.1.2
ip default-gateway 10.10.0.2
no ip classless
ip http server
ip http authentication local
ip http secure-server
access-list 1 permit any
snmp-server community Maladomini-RW RO
snmp-server location Lovington NM USA
line con 0
exec-timeout 0 0
password 7 075C701416281D081E1C355D
line vty 0 4
password 7 0527031B2C49470758
transport input ssh
line vty 5 15
exec-timeout 0 0
password 7 05585757796D4A04100B2943
endI located the issue of the packet loss. I have a security system that uploads FTP images of the cameras and after the reboot of the network, the only computer that wasn't shut down was the security camera PC.
So I think what happened was after I brought everything back up, it was saturating the outgoing bandwidth, causing packet loss and high latency. Once I determined what it was and shut off the FTP image upload, the pings stabilized and it is working fine now. Trace routes are still not functioning, but I can live without that for now. -
What can I do about Packet Loss?
Hey Verizon Community,
As the title says, what can I do about packet loss?
I have been having network spike issues in the video game Starcraft II, and Blizzard support told me to run a pathping to their servers (pathping pasted below). Upon doing that, I discovered that in hop 4, also known as G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214], there was 2% packet loss. What can I do about this? Who can I contact to try and get this resolved?
PATHPING TO BLIZZARD SERVERS:
Tracing route to 12.129.202.154 over a maximum of 30 hops
0 Mitch-PC [10.0.0.2]
1 10.0.0.1
2 Wireless_Broadband_Router.home [192.168.1.1]
3 L100.BLTMMD-VFTTP-40.verizon-gni.net [96.244.79.1]
4 G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214]
5 ae1-0.PHIL-BB-RTR1.verizon-gni.net [130.81.209.238]
6 * * *
Computing statistics for 125 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 Mitch-PC [10.0.0.2]
0/ 100 = 0% |
1 0ms 0/ 100 = 0% 0/ 100 = 0% 10.0.0.1
0/ 100 = 0% |
2 0ms 0/ 100 = 0% 0/ 100 = 0% Wireless_Broadband_Router.home [192.168.1.1]
0/ 100 = 0% |
3 10ms 0/ 100 = 0% 0/ 100 = 0% L100.BLTMMD-VFTTP-40.verizon-gni.net [96.244.79.1]
0/ 100 = 0% |
4 11ms 2/ 100 = 2% 2/ 100 = 2% G0-5-4-5.BLTMMD-LCR-22.verizon-gni.net [130.81.191.214]
0/ 100 = 0% |
5 23ms 0/ 100 = 0% 0/ 100 = 0% ae1-0.PHIL-BB-RTR1.verizon-gni.net [130.81.209.238]
Trace complete.Actually it means nothing since its in the middle of the tracert. Probably the server supports the ping, but at a very low priority so the packets are being counted as lost. Many servers don't even respond to tracert.
Maybe you are looking for
-
Abap users autorization for BO BI reports (made in Design Studio) on HANA data
Hello! We are bit new to BO BI and Design Studio. Cauld you help us? BO BI reports must represent SAP HANA data. We have a lot of users in ERP with their roles. We need accordingly restrict users access to certain values for group of users in given
-
Hi All, After creating the Service Ticket in ICWC it showing an error that Enter Organization Unit sales. I have Created new Org Structure and assigned Profile to it and under that i have created position and under that i have assigned a user.When i
-
Save movie Clip in frame as jpeg
We Are Developing A web Application as the following : the Client Can select A template then Write words on over it and Save the Template as Jpeg format ,we did the first part ,how we can save the movie Clip as JPEG format ,I looked in the Bitmap cla
-
Imaging Collection Rule Issues.
Part of the problem is that I have "Status Filter Rule" in the Site Configuration. It is checking for message ID 11171 from the "Task Sequence Manager", this runs a script to remove the computer from the reimage collection. Right now, the compute
-
Java 1.5 for Mac OS X 10.3.9
Hi, I have a program that requires Java 1.5. I have a Power MAC with Mac OS X 10.3.9, and I have not been able to find a way to update my Java to 1.5. The highest I can find is 1.4. Does anyone know where I could find the download to update my Mac to