3Com Router User Manual

							Configure Network Address Translation (NAT)357
Fault 2: Internal server abnormal
Troubleshooting: If an external host cannot access the internal server normally, 
check the configuration on the internal server host, or the internal server 
configuration on the router. Its possible that the internal server IP address is 
wrong, or that the firewall has inhibited the external host to access the internal 
network. Use the command 
display rule for further check. 
						

							358CHAPTER 21: CONFIGURING IP APPLICATION 
						

							22
CONFIGURING IP PERFORMANCE
This chapter contains information on the following topics:
■Configure IP Performance 
■Configure TCP Performance 
■Configure Fast Forwarding
■Display and Debug IP Performance
■Troubleshooting IP Performance Configuration 
Configure IP 
Performance To configure IP performance, carry out the following steps:
1Configure MTU on an Interface
Perform the following configuration in interface view.
Ta b l e 389   Configure maximum transmission unit on an interface
When the Ethernet interface is encapsulated as Ethernet II, the interface mtu 
ranges from 46 to 1500 bytes, and default is 1500 bytes. When the Ethernet 
interface is encapsulated as SNAP, the interface mtu ranges from 46 to 1492 
bytes, and 1492 bytes is default value. The serial port mtu ranges from 128 to 
1500 bytes, and 1500 bytes is default value. The BRI port mtu value ranges from 
128 to 1500 bytes, and 1500 bytes is default value.
2Configure Queue Length 
Perform the following task in system view.
Ta b l e 390   Configure queue length
The range of the receiving queue length of all the protocols is 10~1000 bytes, and 
75 bytes is the default value.
3Configure Router Forwarding Redirect Packets
The following configurations should be made in system view. 
OperationCommand
Configure maximum transmission unit on an interfacemtu  size
Restore default value of maximum transmission unit on an 
interfaceundo mtu 
OperationCommand
Configure IP receiving queue lengthifquelen ip queue-length
Configure IPX receiving queue lengthifquelen ipx queue-length
Configure ARP receiving queue lengthifquelen arp queue-length
Configure interface queue lengthifquelen interface type number 
receive-queue queue-length 
						

							360CHAPTER 22: CONFIGURING IP PERFORMANCE
Ta b l e 391   Configure router forwarding redirect packets
By default, router forwarding redirect packets is enabled. 
4Configure Router Receiving/Forwarding Source Route Packets
The following configurations should be made in system view. 
Ta b l e 392   Configure router receiving/forwarding source address route packets
By default, router receiving/forwarding source address route packets is disabled.  
Configure TCP 
Performance To configure TCP performance, carry out the following steps:
1Configure TCP Header Compression
When small messages are transmitted on low-rate physical lines (such as PSTN), 
the TCP header occupies an obviously larger portion in the messages. To raise 
transmission efficiency, TCP header compression can be configured on this 
interface. At present, TCP head compression can only be used on PPP links.
Perform the following task in interface view.
Ta b l e 393   Enable/disable TCP header compression
TCP header compression is disabled in default status.
2Configure TCP Timers
The following TCP timers can be configured:
■Synwait timer: When a syn message is sent, TCP starts the synwait timer. If no 
response message is received till synwait timeout, TCP connection will be 
terminated.
■Finwait timer: When the TCP connection status changes from FIN_WAIT_1 to 
FIN_WAIT_2, the finwait timer is started. If no FIN message is received till the 
finwait timer timeout, then TCP connection is terminated. 
■Size of the receiving and sending window for the connection-oriented Socket.
Perform the following task in system view.
Ta b l e 394   Configure TCP Timers
OperationCommand
Configure router forwarding redirect packetsicmp redirect send
Disable router forwarding redirect packetsundo icmp redirect send
OperationCommand
Configure router receiving/forwarding source 
address route packetsip option source-route
Disable router receiving/forwarding source address 
route packetsundo ip option source-route
OperationCommand
Enable TCP/IP VJ header compressionppp compression vj
Disable TCP header compressionundo ppp compression vj
OperationCommand
Configure synwait timer for TCP connectiontcp timer syn-timeout seconds
Configure FIN_WAIT_2 timer for TCPtcp timer fin-timeout seconds 
						

							Configure TCP Performance 361
The Synwait timers timeout ranges between 2~600 seconds, with a default value 
of 75 seconds. The Finwait timers timeout ranges between 76~3600 seconds, 
with a default value of 675 seconds. The value of window-size ranges between 
1~32Kbytes, with a default value of 4Kbytes.
Configure the size of the receiving and sending 
window for TCP Socket.tcp window size 
						

							362CHAPTER 22: CONFIGURING IP PERFORMANCE
Configure Fast 
ForwardingMessage forwarding efficiency is a key feature evaluating router performance. 
According to regular flow, when a message arrives, the router will copy it from the 
interface memory to the main CPU. The CPU specifies the network ID from the IP 
address, consults with the routing table to get the best path to forward the 
message, and creates MAC frame suitable for output of the message. The created 
MAC frame is copied to the output queue via DMA (Direct Memory Access), and 
during this process the main system bus is passed twice. This process can be 
repeated for message forwarding. 
In the Fast forwarding, cache is used to process messages. After the first message 
is forwarded by searching routing table, corresponding exchange information is 
generated in the cache, and forwarding of the following same messages can be 
realized by directly searching the cache. This practice greatly simplifies the queuing 
of IP messages, cuts down the route finding time and improves forwarding 
throughput of IP messages. Since the forwarding table in the cache has been 
optimized, much quicker searching speed can be obtained.
The 3Com Router supports Fast forwarding on various high-speed link interfaces, 
such as Ethernet, synchronous PPP, frame relay and HDLC.
Besides, the 3Com Router also supports Fast forwarding when firewall is 
configured.
Fast forwarding implemented via the 3Com Router contains the following 
features:  
■Support fast forwarding on all types of high-speed link interfaces, including 
Ethernet, synchronous PPP, frame-relay and HDLC etc. 
■Provide fast forwarding when the firewall is configured.  
■Support load sharing and improve packets forwarding efficiency greatly.
The performance of Fast forwarding sometimes will be affected by some 
characteristics such as message queue management and message header 
compression. Fast forwarding is not conducted for fragmented messages.
Fast-forwarding Configuration includes:
■Enable/Disable fast-forwarding on an interface
■Configure fast-forwarding table size 
1Enable/Disable fast-forwarding on an interface
You can disable fast-forwarding as needed. For example, if load sharing is required 
when forwarding packets, fast-forwarding should be disabled in the forwarding 
direction of the interface.
Perform the following configuration in interface view.
Ta b l e 395   Enable/Disable fast-forwarding on an interface
OperationCommand
Enable fast-forwarding in both directions of the 
interfaceip fast-forwarding
Enable fast-forwarding on the inbound interfaceip fast-forwarding inbound
Enable fast-forwarding on the outbound interfaceip fast-forwarding outbound 
						

							Display and Debug IP Performance363
By default, fast-forwarding is enabled in the input/output directions of the 
interface.
When fast-forwarding is carried out on an interface, note that:
■You can disable fast-forwarding as necessary. For example, if load sharing is 
required, fast-forwarding must be disabled in the forwarding direction of the 
interface.
■If fast-forwarding has been configured on an interface, the interface will not 
send any ICMP redirected packets.
2Configure fast-forwarding table size
Ta b l e 396   Perform the following configuration in system view
The fast-forwarding table size on a router defaults to 4K, that is, up to 4K entries 
are allowed in the table.
Fast-forwarding table size depends on the memory capacity. The larger the 
memory capacity is, the larger the configurable fast-forwarding table size will be.
Display and Debug Fast 
ForwardingTa b l e 397   Display and Debug fast forwarding
When fast-forwarding on the same interface is configured, ICMP redirect 
messages will not be sent again when IP messages pass the same interface. 
Otherwise, ICMP reorientation messages needs to be sent while messages are 
forwarded.
Display and Debug IP 
PerformanceTa b l e 398   Display and Debug IP address
Disable fast-forwarding on the interfaceundo ip fast-forwarding
OperationCommand
Configure a fast-forwarding table sizeip fast-forwarding cache-size { 4k 
| 16k | 64k | 256k | 1m}
Restore the default fast-forwarding table 
sizeundo ip fast-forwarding cache-size
OperationCommand
Display IP fast-forwarding cachedisplay ip fast-forwarding cache
Display IP fast-forwarding flow-control 
Informationdisplay ip fast-forwarding 
flow-control
Clear contents in the fast forwarding cachereset ip fast-forwarding cache
OperationCommand
Display TCP connection statusdisplay tcp status
Display interface table informationdisplay ip interface [ type 
number ]
Display IP traffic and statistical information.display ip statistics
Turn on IP debugging informationdebugging ip packet
Turn on TCP debugging informationdebugging tcp packet
Turn on TCP cession debugging informationdebugging tcp [ event | packet ]
Turn on UDP debugging informationdebugging udp packet
Clear IP statistical information.reset ip counters 
						

							364CHAPTER 22: CONFIGURING IP PERFORMANCE
Troubleshooting IP 
Performance 
Configuration Fault 1: TCP and UDP are created upon IP protocol, and IP is able to provide 
data packet transmission. However, TCP and UDP protocols do not work 
normally
Troubleshooting: Turn on corresponding debugging switches to check the 
debugging information
■Use the debugging udp command to turn on the UDP debugging switch, and 
trace the UDP data packet. When the router sends or receives UDP data 
packets, the packet content format can be displayed in real time, so problems 
can be located.
The UDP data packet format is as follows:
UDP output packet:
Source IP address: 202.38.160.1
Source port: 1024
Destination IP Address 202.38.160.1
Destination port: 4296
■Use the debugging tcp command to turn on the TCP debugging switch, and 
trace the TCP data packet. TCP has two data packet format options: one is to 
debug and trace the receiving/sending of TCP packets in all TCP connections 
with this equipment as one end. The specific operation is as follows: 
[Router] info-center enable
[Router] debugging tcp packet
The TCP packets received or sent can be checked in real time, and the specific 
format is as follows:
TCP output packet:
Source IP address: 202.38.160.1
Source port: 1024
Destination IP Address 202.38.160.1
Destination port: 4296
Sequence number: 4185089
Ack number: 0
Flag:  SYN
Packet length: 60
Data offset: 10
Another data packet format is to debug and trace packets with SYN, FIN or RST 
setting. 
[Router] info-center enable
[Router] debugging tcp event 
The TCP packets received or sent can be checked in real time, with the same 
packet format as above. 
						

							23
CONFIGURING IP COUNT 
This chapter contains information on the following topics:
■IP Count Introduction
■IP Count Configuration
■Display and Debug IP Count
■Typical Configuration Example
■Troubleshooting
IP Count IntroductionIP Count makes the statistics about the input and output packets, and the packets 
denied by the firewall as well. When making the statistics, the router classifies the 
bidirectional (in and out) IP packets by testing whether they match any IP Count 
lists and whether they are denied by the firewall. At the same time of making data 
statistics, the total numbers of packets and bytes are recorded.
As shown in the following figure, if IP Count has been enabled on the output 
interface Ethernet1, the statistics will be made on the flows transmitted from this 
interface to the network B. A flow destined for the B network can be identified by 
an IP triplet (source address, destination address and protocol). Through the 
statistics that has been made, you can know the outgoing traffic size. If a firewall 
for filtering outgoing packets has been configured on the interface, IP Count will 
record the addresses from which the packets are denied by the firewall, and make 
the statistics on the denied packets and bytes.
Likewise, if IP Count is enabled on the incoming interface Ethenet0, the statistics 
will be made on the flows from the A network to the router. If a firewall for 
filtering the incoming packets has been enabled on the interface, the IP Count 
module can make statistics on the packets denied by the firewall. 
						

							366CHAPTER 23: CONFIGURING IP COUNT
Figure 134   Networking for an IP Count application
IP Count mainly implements the following functions:
■Configure IP Count list
■Make statistics on the output and input packets
■Make statistics on the packets processed by the firewall
■Display all packet statistics
■Clear all packet statistics
IP Count 
ConfigurationBasic Configuration includes:
■Enable IP Count Service
■Enable IP Count on an interface
Advanced Configuration includes:
■Configure IP Count list
■Configure upper threshold for accounting entries in Interior-List
■Configure upper threshold for accounting entries in Exterior-List
■Configure timeout time of IP Count statistics list entries
1Enable IP Count Service
This command can be used to enable or disable IP Count service. You can 
configure IP Count to make statistics on the packets that the router has input or 
output depending on the specific requirements on the router.
Perform the following configuration in system view.
Ta b l e 399   Enable/Disable IP Count service
By default, IP Count is not enabled.
2Configure IP Count on an Interface
PC1
A
PC2
PC3
B
PC4
E0:
169.254.10.1E1
Router 169.254. 10. 1
OperationCommand
Enable IP Countip count enable
Disable IP Countundo ip count enable