CEF load balancing cisco 3750

Posted on 2014-09-30
Last Modified: 2014-10-03

I am trying to configure CEF for our two gateways (firewalls). I do see the CEF option, but when I go to the 2 interfaces I do not see ip load-sharing per-destination.

Is there something I am missing?

I plan on configuring 2 routes to the gateways with the same metrics 1 1

Thank you for your help in advance
Question by:thomasm1948

Expert Comment

ID: 40354378
The details are a bit sketchy from your question.  Have you configured CEF already, but not the two default routes?  If you haven't configured the default routes yet, what routes are there currently for the Internet traffic?  If you don't have equal-cost routes in the routing table, you won't see any load-sharing when enabling CEF.

Here's the link to the Cisco Config Guide to explain the process for configuring CEF:  Once CEF is enabled, you can check the FIB table by issuing the "show ip cef"-command. Your internet routes should have two entries (via the two ISPs), which would be an indication that load-sharing takes place.

If you can post the output of the "show ip cef" command (you can remove any entries for your internal network), we can perhaps tell you what is missing.

Just one more question:  If you say that you do not see ip load-sharing per-destination, how did you check?  What did you expect, and what did you find?

Author Comment

ID: 40354847

I took out all of the internal traffic stuff:          multicast         receive          drop   receive

Ok, so I went through the CEF guide and I do not see all of the commands for CEF on the CISCO 3750. I know that on the CISCO 3750 CEF is enabled by default and that it can do only per-destination and not per-packet. CEF is also a global option.

I have not put multiple gateways in as of yet. So I am unsure how the switch will handle it once I put it in, being that I do not get an interface option for load-sharing. I do get a load-sharing option under the global config, but I only get the following option:

ASAMC3750STACK(config)#ip cef load-sharing ?
  algorithm  Per-destination load sharing algorithm selection

I did set that for original.

My main issue is that they run VOIP, and if the switch handles the 2 gateways as round robin then there will be occurrences where the switch will have to do packet reformation, and that can cause an issue for VOIP. That is why I am just confirming the CEF, because I need it to do load-sharing between the two gateways utilizing per-destination so that their VOIP works correctly.

Author Comment

ID: 40354868
forgot to add the following for sh ip cef

Prefix               Next Hop             Interface            Vlan16           receive


Author Comment

ID: 40355140
these are the options that I get under the int for IP

Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface

Accepted Solution

Otto_N earned 500 total points
ID: 40356874
I think there's a couple of things you need to know.

1. CEF only expedites forwarding, and doesn't change how the packet is handled

CEF ensures fast packet forwarding (at, or close to, the line rate of the interfaces) by pre-calculating the forwarding path and header rewrite information for all entries in the routing table.  So when a packet hits the switch, the switch sends it out the correct port much quicker than with traditional process switching.  But the outgoing packet looks exactly the same, whether it was CEF-switched or process switched.

Your concern regarding VOIP packet reformation (which I do not understand at all) therefore doesn't revolve around the CEF-handling of the packets, but on how the packets will be routed.

2. CEF does per-destination load-balancing BY DEFAULT

CEF was built around the concept of flows (a series of packets between a set of processes on hosts), and forwarding decisions are made per-flow rather than per-packet.  So, if there are two equal-cost paths in the routing table, CEF will ensure that packets in the same flow will be switched in the same way.

The way flows are defined is determined by the algorithm used.  Originally, only source-destination IP addresses were considered.  But this had a couple of drawbacks:
- If most of the traffic was between a small set of source & destination, one of the equal-cost paths would carry the bulk of the traffic, leaving much spare capacity on the other link.
- If you deployed CEF on consecutive layers, the next CEF device uses the same hash-algorithm, which would then switch all traffic it receives from the first switch out of one link, and not load-share between multiple links.

To overcome these drawbacks, the CEF algorithm was changed to add source and/or destination ports as input to the hash algorithm, or a switch identifier, to ensure that traffic is more evenly shared.  However, the principle of consistent flow switching is still maintained.

You can read more about this on the Usage Guidelines of the "ip cef load-sharing algorithm"-command, available on the Cisco Command Lookup Tool (for registered users only...).
I assume that the per-flow switching characteristics of CEF should alleviate your fears regarding the compatibility issues of VOIP with round-robin forwarding - Not being a VOIP expert, I don't have any practical knowledge to assist in this regard.  However, if you need all VOIP packets to only go one route, you can always set up PBR to ensure that it happens.
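
The per-flow behaviour described in the answer above, sketched as an added example that is not part of the original thread and is not Cisco's code. It assumes a toy SHA-256 based hash (the real CEF hash differs) and constructed sample addresses, and shows that one source/destination pair always takes the same path, that two layers using an identical hash stop sharing load, and that mixing in a per-device identifier restores it.

```python
import hashlib
import random


def pick_path(src, dst, n_paths, device_id=0):
    """Toy per-destination selection: hash the src/dst pair, mixed with a
    per-device ID, onto one of n equal-cost paths.
    Illustrative only; this is NOT the hash a Cisco switch uses."""
    key = f"{device_id}|{src}|{dst}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_paths


def flow_is_sticky(src, dst, packets=1000):
    """Every packet of one src/dst pair must leave via the same next hop."""
    return len({pick_path(src, dst, 2) for _ in range(packets)}) == 1


def make_flows(count, seed=1):
    """Constructed sample traffic: inside hosts talking to outside hosts."""
    rng = random.Random(seed)
    return [(f"10.0.{rng.randrange(256)}.{rng.randrange(1, 255)}",
             f"198.51.100.{rng.randrange(1, 255)}") for _ in range(count)]


def two_layer_share(flows, id_layer1, id_layer2):
    """Flows cross switch 1; those it sends on path 0 arrive at switch 2.
    Returns how switch 2 spreads them over its own two equal-cost paths."""
    counts = [0, 0]
    for src, dst in flows:
        if pick_path(src, dst, 2, id_layer1) == 0:
            counts[pick_path(src, dst, 2, id_layer2)] += 1
    return counts


if __name__ == "__main__":
    flows = make_flows(2000)
    print("one flow stays on one path:", flow_is_sticky("10.0.1.5", "198.51.100.7"))
    # Same hash on both layers: switch 2 repeats switch 1's decision,
    # so its second link carries nothing.
    print("identical hash on both layers:", two_layer_share(flows, 0, 0))
    # A different ID per device decorrelates the two decisions.
    print("per-device ID mixed in:       ", two_layer_share(flows, 1, 2))
```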

Author Closing Comment

ID: 40359264
Thank you for all of your help
