Router Network Interface Analysis

Router Network Interface Analysis
We will introduce and analyze vro network interfaces in the following aspects.
1) interface and Activity Status
(2) Hardware type of the interface provided by the hardware field
(3) Internet address
(4) MTU
(5) BW
(6) DLY
(7) Reliability
(8) Load
(9) Encapsulation
(10) Send back
(11) ARP type
(12) ARP timeout
(13) Final Input and Output
(14) Output interruption
(15) last cleanup
(16) queuing Policy
(17) queue messages
(18) 5-minute I/O Rate
(19) group and byte Input
(20) No Buffer
(21) broadcast received
(22) Runts
(23) Giants
(24) Throttles
Instance:
Router # show interface e0/0
Ethernet0/0 is up, line protocol is down
Hardware is AmdP2, address is 0009.4375.5e20 (bia 0009.4375.5e20)
Internet address is 192.168.1.53/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
Reliability 172/255, txload 3/255, rxload 39/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output
Drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
50 packets output, 3270 bytes, 0 underruns
50 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
50 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
(1) interface and Activity Status
In the above display, the content indicates that the hardware interface is active, and the software process for processing the line protocol is believed to be available. If the router operator disconnects the hardware interface, the first field displays the information is administratively down. if the vroabled receives more than 5000 errors during the active interval, the word "Disabled" appears in this field to show that the connected vro automatically disables this port. The row protocol field also displays one of the three previously mentioned descriptions: up, down, and administratively down. if the field item is up, it indicates that the interface is available for processing the line protocol and software process, because she is receiving keepalives for the same purpose, and other devices can determine whether a idle connection is still active. For Ethernet interfaces, the default value of Keepalives is 10 s. We will soon notice that the Keepalives settings can be obtained by using the show interfaces command for a specific interface. You can use the keepalive interface command to change the keepalives settings. The command format is as follows: Keepalive seconds
(2) Hardware type of the interface provided by the hardware field
In the preceding example, the hardware is CISCO extended bus (CxBus) Ethernet, namely the 533-Mbps data bus of the interface processor. Therefore, the hardware notifies us that the high-speed CxBus interface processor is used to support Ethernet connections. Note that the display field includes the Mac address of the interface. Mac is 48-bit long. Because the first 24 digits of the Mac address represent the manufacturer ID, The hexadecimal number 00-10-79 is the identifier assigned to Csico by IEEE.
(3) Internet address
If an interface is configured for an IP route, an Internet address is assigned to it. This address is followed by its subnet mask. The IP address is 205.141.192.1/24. The backslash (/) indicates that the first 24 bits of the address represent the network, and the backslash (/) is equal to 255.255.255.0.
(4) MTU
The maximum transmission unit (MTU) indicates the maximum number of bytes supported by the Information Field of the protocol running on the interface. Because the maximum length of the Ethernet bytes information field is 1500 bytes, its MTU is displayed as 1500 bytes. For almost all Ethernet applications, the default 1500-byte MTU should be valid. The default MTU value for a ring is 8192 bytes. However, you must note that the recommended MTU value for RFC1191 is 17914 for a 16-Mbps ring and 4464 for a 4-Mbps ring. The minimum MTU is 64 bytes, and the maximum value is 65535 bytes. If the IP datagram exceeds the maximum MTU, It is segmented, which adds additional overhead because each final datagram contains its own header. Although in high-speed LAN connections, there is usually no need to worry about extra overhead related to segments, this may be a serious problem on low-speed serial interfaces. You can use the MTUinterface command to change the default MTU. The command format is as follows:
Mtu bytes
The number of bytes can be from 64 ~ 6553.
(5) BW
The interface bandwidth (BW) usually refers to the operation rate of the interface, expressed in kilobytes per second. Because the Ethernet speed is 10 Mbps, the BW value is 10 000Kb.
You can use the Bandwidth command to set the information Bandwidth value, but you don't actually need it to adjust the Bandwidth of the interface, because the Bandwidth is fixed for some types of media, such as Ethernet. For other media, such as serial lines, the operating rate is usually adjusted by adjusting the hardware. For example, you can set different clock rates on DSU/CSU to increase or decrease the running rate of the serial interface. Therefore, the main purpose of the bandwidth command is to enable the current bandwidth to communicate with high-level protocols. You can use the following command format to set the bandwidth value. A thousand bits represent the bandwidth expressed in kilobytes per second. Bandwidth kilobits
(6) DLY
This field indicates the interface latency, expressed in microseconds. Ethernet latency (DLY) is 1000 s. You can use the delay interface command to set the latency value for the interface. The command format is as follows:
Delay tens-of-microseconds
(7) Reliability
The Reliability field indicates the reliability of the interface, expressed by the number of parts in 255. The value displayed in this field is calculated by the power average value within 5 minutes. Because Ethernet calculates CRC for each worker, the reliability is based on the CRC error rate rather than the bit error rate. 255/255 indicates that the interface is 100% reliable within 5 minutes.
Although there is no reliability command, one of the important commands that can be considered for regular use is the clear conuter EXEC command. The function of this command is to clear or reset the interface counter. The general format of this command depends on the vro in use. The second format is shown below for the Cisco7000 series products:
Clear counter [type number]
Clear counter [type slot/port]
Type indicates the specific interface type. If you do not specify a specific interface, all interfaces are cleared.
(8) Load
The sending and receiving loads on the interface are displayed as the number of parts per 255. Similar to the reliability field, the load field also calculates the power average value within 5 minutes. As can be seen from the above, the send (Txload) load is 3/255, And the receive (rxload) load is 39/255. Because the Ethernet running rate is 10 Mbps, You can multiply each score by the running rate to obtain a general indication of Interface Activity. This is because each Ethernet subnet has at least 26 additional bytes, and when the information field is less than 45 bytes, the PAD character will be added to the information field.
(9) Encapsulation
This field indicates the encapsulation method assigned to the interface. In the preceding example, encapsulation is shown as ARPA, which is a standard Ethernet 2.0 encapsulation method. Other encapsulation methods include the IEEE 802.3 Ethernet keyword iso1 and the IEEE 802.3 protocol keyword snap (subnet Access Protocol) protocol variation.
(10) Send back
The return field indicates whether the interface is in the running return mode. If you set send-back, this is a common problem that occurs when a technician puts the interface into the send-back interface for testing at night and forgets to reset send-back, this will lead to some interesting calls to the control center the next morning.
You can use the Loopback interface setting command to place the interface in the running return mode. The Loopback command has no parameters. Use the no Loopback command to delete or disable the send back command. The following example shows how to set the Ethernet interface to the return mode.
Interface ethernet0/0
Loopback
You can use show interface loopback.
EXEC command to view the status of the delivery. If your vro has a large number of interfaces and technicians perform regular inspections, it is a good idea to use this command early in the morning to avoid unnecessary problems.
(11) ARP type
This field indicates the allocated Address Resolution Protocol (ARP) type. In an IP environment, the ARP type is ARPA. By default, the Ethernet interface uses the ARPA keyword to encapsulate the ARPA on the specified IP interface. You can use the arp interface command to change the encapsulation to hp probe or SNAP. The command format is as follows:
Arp {arpa/probe/snap}
Note HP
Probe is used by IOS to try to parse the local data connection address of 802.3 or Ethernet. The ARP type should be set to probe so that one or more router interfaces can communicate transparently with the HP 802.3 host using address resolution technology called "virtual address request and reply.
(12) ARP timeout
This field indicates the length of time that ARP entries remain in the cache before cleaning when they are not active. The default value of ARP timeout is 4 hours, as shown in the example above:
You can use the ARP timeout command to adjust the duration of the ARP cache entry in the cache. The command format is as follows:
Arp timeout seconds
(13) Final Input and Output
This field indicates the hours, minutes, And seconds since the last group or detection interface was successfully received or sent. You can use the value in this field to determine whether the active interface is still active or when the interface fails. About the former, enter the second show interface command 10 seconds or 1 minute after the first show interface command indicates the new final output of the interface (which can also indicate whether a problem occurs. It also indicates that if a problem occurs, it is not because the group cannot be received. For example, in the above example, the last successful input occurs 2 seconds ago. If we wait a few seconds and release another show interface command, we can get updates to this counter.
(14) Output interruption
The output interrupt field indicates the time since the last reset of the interface because the sending time is too long. The value of this field is specified by hour, minute, or second, or will never be displayed if no interruption occurs (hang. If the number of hours since the last reset exceeds 24, the days and hours are displayed until the field benefit is exceeded. In this case, the asterisk (*) is displayed in this field (*).
(15) last cleanup
This field indicates the time when the interface counter of the measurement accumulative statistics was last reset to 0. Clearing will affect almost all statistical information, except routing statistics such as load and reliability.
The actual value displayed in the last clear operation is based on the 32-bit ms counter. An asterisk (*) indicates that the counter cannot be displayed after a long period of time, and 0:00:00 indicates that the counter is cleared before the 31 Power ms of 2 to the 32 power ms of 2. The last clear value on many routers is represented by weeks, months, days, and hours. For example, in the above example, the last time the show interfaces counter is cleared, it is displayed as 1w2d.
(16) queuing Policy
This field indicates the pairing policy assigned to the interface. First in first out, FIFO by default ). If a priority pair method is previously assigned to an interface, this pair method is listed in this field.
(17) queue messages
For the output and input queues, a number is displayed in the form of m/n, followed by the number of groups lost because the queue is full. Here, the m value is replaced by the number of groups in the queue, while the n value is replaced by the n value to indicate the maximum queue size. By checking the number of lost groups and the relationship between m and n over a period of time, you can determine whether to adjust the queue length of a specific interface to reduce the number of lost groups. However, the media and usage level connected to the interface should also be considered to determine whether debugging of the output queue length is beneficial. Medium with high usage is most likely to cause loss of groups in the queue: When the router transmits data, it will encounter difficulties, resulting in queuing of the output group, which in turn leads to when the output queue is full, in addition, when other groups arrive, the group is lost when it is transmitted to the media through the interface. On the input side, the large ratio of the lost group to m to n indicates that the router is busy with other work and cannot process the incoming group in due time. If the next situation lasts for a long time, it usually means a more powerful router is needed to meet the work needs. In general, this situation can be observed through a large number of lost groups in the Inbound direction of many router interfaces.
In the show interfaces above, the queue information field value shows that no group exists in any queue currently. In addition, although the output queue is full, 63 groups are lost, but no groups are lost due to the input queue. The latter is a common situation because most routers (unless excessively configured) should not have problems in processing incoming data.
(18) 5-minute I/O Rate
The next field shows the average number of digits sent and received through the interface and the average number of groups in the previous 5 minutes. Several factors must be taken into account when interpreting the data displayed in this field. First, you must consider the operation mode of the interface and the network configuration of the interface. For example, if the interface is a LAN interface, it can be run in the chaotic mode, so that every investigation on the Qu LAN can be run in non-chaotic mode, that is, it only reads the broadcast consumer and directly delivers it to the consumer of the interface.
If the port is in the disordered mode, read all groups and provide a method to test the data flowing in the network. If the interface is not in a chaotic state, it only feels like the traffic she sends and receives, which may only occupy a small part of all traffic on the network.
Considering the network configuration, if an interface is connected to a LAN with only one station, such as a WEB server, all traffic will flow through the router interface. This means that you can obtain a relatively accurate method for testing network activity without considering the interface mode.
Another factor to consider is the fact that the 5-minute I/O rate represents the power average of the 5-minute time constant. Therefore, any 5-minute I/O rate is the approximate value of the traffic per second during this period. However, the average value generated by the four 5-minute time span is less than 2% of the instant rate of the unified traffic within 20 minutes.
Because the group length is variable, the bit rate per second is generally more useful than checking the activity on the interface from the transport media perspective. In the preceding example, the input rate of 1/6 BPS is about of the interface running rate. You may wonder why the input rate is about an order of magnitude higher than the output rate of the interface. The answer is interface connection. In this specific vro environment, the Ethernet interface is connected to a 10BASE-TLAN with only one other station (that is, the company's WEB Server. Web page requests flow in the form of a uniform resource locator (URL), and the response to URL requests is a web page; this explains why the input and output traffic levels are not proportional. Now we know the I/O rate for 5 minutes. Next we will introduce the input and output information of specific groups that can be displayed for a specific interface.
(19) group and byte Input
This field indicates the total number of non-error groups received by the vro. Second, it also indicates the total number of bytes of the non-error group received by the router.
If you divide the number of nodes by the number of groups, you can obtain the average length of the Group in bytes. This information can be used to provide a general representation of the flow type on the interface. For example, a relatively short group usually transmits interactive query/response traffic, while a relatively long group usually transfers files including web pages and images contained on most of these pages.
(20) No Buffer
The no-buffer field indicates the number of groups received by the interface that have to be discarded due to the lack of buffer space on the router. Do not mix the buffer space with the interface's internal buffer. When there is a continuous "no buffer" situation, it usually means that the router needs more memory. However, if the no buffers value is set regularly, it may be caused by a broadcast storm on the LAN or a noise attack on the serial port. You can check the next field to determine whether the cause of no buffer value is caused by a broadcast storm.
(21) broadcast received
This field indicates the total number of broadcast or multicast groups received by the interface. Note that many broadcasts are part of the natural communication process. For example, the ARP used to resolve a layer-3 IP address to a layer-3 Mac address depends on the issue of a broadcast, in order to query each station of the LAN of the layer-7 address related to the required layer-2 address, so that the system can correctly form a detection to pass the group. Similarly, in the Novell IPX environment, the server is grouped every 30 s of broadcast service declaration protocol (SAP. These define the services provided by the server.
If you are in a strict IP environment, you are more likely to obtain some broadcasts from ARP requests. If you have a time-based application, you can set a fixed item as the ARP cache for the application that has been running for the time, so that you can solve two problems with one action. This not only prevents the router from performing ARP operations, but also allows the parsing process to occur by checking the memory, which is much faster than waiting for the broadcast response. Because data traffic is interrupted during ARP broadcast, reducing ARP broadcast can improve the interface information transmission function. Because the ARP table is maintained inside the vro.
(22) Runts
Runt is the term of an error scenario. The Group length associated with it is smaller than the minimum length related to a protocol. In an Ethernet environment, the minimum group length is 64 bytes on the adapter and 72 bytes on the LAN. Therefore, if an interface receives an Ethernet group of less than 72 bytes, it will be an error and the group will be discarded. In general, a conflict can cause Runt generation, and a faulty adapter can also cause this situation.
(23) Giants
Another error occurs in Giants. It indicates that the length of the group exceeds the maximum length of the Protocol. In an Ethernet environment, the maximum group length of the adapter is 1518 bytes, and the maximum group length of the adapter flowing in the network is 1526 bytes. Therefore, groups with a length of more than 1526 bytes (including the forward code and the start delimiter field) are considered as Giant. Such groups are also discarded, and the number of Giant groups indicates the number of discarded groups due to this situation. The common cause of the Giant group is a lag conflict or an adapter failure.
(24) Throttles
Although this rarely happens, if the router detects a buffer or processor overload, it will turn off its receiver. This situation is called Throttles, but it is not actually a communication problem. On the contrary, it is a router function problem and requires you to check the status of the system buffer and processor. If the show interfaces command indicates a large number of "unbuffered" and Throttle, it usually indicates that you should consider adding memory to the router.