Solved

CEF load balancing cisco 3750

Posted on 2014-09-30
Last Modified: 2014-10-03
Hi,

I am trying to configure CEF for our two gateways (firewalls). I do see the CEF option, but when I go to the 2 interfaces I do not see ip load-sharing per-destination.

Is there something I am missing?

I plan on configuring 2 routes to the gateways with the same metrics:

0.0.0.0 0.0.0.0 192.168.1.1 1
0.0.0.0 0.0.0.0 192.168.1.2 1

Thank you for your help in advance
Question by:thomasm1948
6 Comments
 

Expert Comment

by:Otto_N
ID: 40354378
The details are a bit sketchy from your question.  Have you configured CEF already, but not the two default routes?  If you haven't configured the default routes yet, what routes are there currently for the Internet traffic?  If you don't have equal-cost routes in the routing table, you won't see any load-sharing when enabling CEF.

Here's the link to the Cisco Config Guide to explain the process for configuring CEF: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swiprout.html#pgfId-1109701. Once CEF is enabled, you can check the FIB table by issuing the "show ip cef" command. Your internet routes should have two entries (via the two ISPs), which would be an indication that load-sharing takes place.

If you can post the output of the "show ip cef" command (you can remove any entries for your internal network), we can perhaps tell you what is missing.

Just one more question:  If you say that you do not see ip load-sharing per-destination, how did you check?  What did you expect, and what did you find?
 

Author Comment

by:thomasm1948
ID: 40354847
Hi,

I took out all of the internal traffic stuff:

224.0.0.0/4          multicast
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive

OK, so I went through the CEF guide and I do not see all of the commands for CEF on the Cisco 3750. I know that on the Cisco 3750 CEF is enabled by default and that it can do only per-destination and not per-packet. CEF is also a global option.

I have not put multiple gateways in as of yet. So I am unsure how the switch will handle it once I put it in, being that I do not get an interface option for load-sharing. I do get a load-sharing option under the global config, but I only get the following option:

ASAMC3750STACK(config)#ip cef load-sharing ?
  algorithm  Per-destination load sharing algorithm selection

I did set that for original.

My main issue is that they run VOIP, and if the switch handles the 2 gateways as round robin then there will be occurrences where the switch will have to do packet reformation, and that can cause an issue for VOIP. That is why I am just confirming the CEF, because I need it to do load-sharing between the two gateways utilizing per-destination so that their VOIP works correctly.
 

Author Comment

by:thomasm1948
ID: 40354868
forgot to add the following for sh ip cef

Prefix               Next Hop             Interface
0.0.0.0/0            172.16.0.23          Vlan16
0.0.0.0/32           receive

 

Author Comment

by:thomasm1948
ID: 40355140
these are the options that I get under the int for IP

Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface
 

Accepted Solution

by:
Otto_N earned 500 total points
ID: 40356874
I think there's a couple of things you need to know.

1. CEF only expedites forwarding, and doesn't change how the packet is handled

CEF ensures fast packet forwarding (at, or close to, the line rate of the interfaces) by pre-calculating the forwarding path and header rewrite information for all entries in the routing table. So when a packet hits the switch, the switch sends it out the correct port much quicker than with traditional process switching. But the outgoing packet looks exactly the same, whether it was CEF-switched or process switched.

Your concern regarding VOIP packet reformation (which I do not understand at all) therefore doesn't revolve around the CEF-handling of the packets, but on how the packets will be routed.

2. CEF does per-destination load-balancing BY DEFAULT

CEF was built around the concept of flows (a series of packets between a set of processes on hosts), and forwarding decisions are made per-flow rather than per-packet.  So, if there are two equal-cost paths in the routing table, CEF will ensure that packets in the same flow will be switched in the same way.

The way flows are defined, is determined by the algorithm used.  Originally, only source-destination IP addresses were considered.  But this had a couple of drawbacks:
- If most of the traffic was between a small set of source & destination, one of the equal-cost paths would carry the bulk of the traffic, leaving much spare capacity on the other link.
- If you deployed CEF on consecutive layers, the next CEF device uses the same hash-algorithm, which would then switch all traffic it receives from the first switch out of one link, and not load-share between multiple links.

To overcome these drawbacks, the CEF algorithm was changed to add source and/or destination ports as input to the hash algorithm, or a switch identifier, to ensure that traffic is more evenly shared. However, the principle of consistent flow switching is still maintained.

You can read more about this on the Usage Guidelines of the "ip cef load-sharing algorithm"-command, available on the Cisco Command Lookup Tool (for registered users only...).
I assume that the per-flow switching characteristics of CEF should alleviate your fears regarding the compatibility issues of VOIP with round-robin forwarding - Not being a VOIP expert, I don't have any practical knowledge to assist in this regard.  However, if you need all VOIP packets to only go one route, you can always set up PBR to ensure that it happens.
0
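The per-flow behaviour and the two drawbacks described in the accepted answer can be reproduced in a small model. This is an added example, not code from the thread or from Cisco: SHA-256 stands in for the switch's real hash, and the host addresses, the port numbers, the `uplink-A`/`uplink-B` names and the `device_id` seed are assumptions made for illustration.

```python
import hashlib
from collections import Counter

GATEWAYS = ["192.168.1.1", "192.168.1.2"]  # the two next hops from the question


def pick_path(src, dst, paths, ports=None, device_id=""):
    """Map a flow to one equal-cost path. SHA-256 is a stand-in hash (assumption)."""
    key = [device_id, src, dst]
    if ports is not None:
        key += [str(ports[0]), str(ports[1])]
    digest = hashlib.sha256("|".join(key).encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]


def constructed_flows(n):
    """Constructed sample data: n distinct source/destination address pairs."""
    return [(f"10.0.{i // 250}.{i % 250 + 1}", f"198.51.100.{i % 250 + 1}")
            for i in range(n)]


def same_flow_is_stable(src, dst, packets=1000):
    """Every packet of one flow leaves via the same gateway (no reordering)."""
    return len({pick_path(src, dst, GATEWAYS) for _ in range(packets)}) == 1


def heavy_pair_split(sessions=500, use_ports=False):
    """Drawback 1: one busy host pair. Count its sessions per gateway."""
    counts = Counter()
    for s in range(sessions):
        ports = (20000 + s, 5060) if use_ports else None  # constructed ports
        counts[pick_path("10.0.0.10", "198.51.100.10", GATEWAYS, ports)] += 1
    return counts


def second_tier_split(n=2000, tier2_id=""):
    """Drawback 2: flows tier 1 sent to GATEWAYS[0] arrive at a second device
    with two uplinks; count how that device splits them."""
    uplinks = ["uplink-A", "uplink-B"]  # hypothetical names
    counts = Counter()
    for src, dst in constructed_flows(n):
        if pick_path(src, dst, GATEWAYS) == GATEWAYS[0]:
            counts[pick_path(src, dst, uplinks, device_id=tier2_id)] += 1
    return counts


if __name__ == "__main__":
    print("address-only hash, one host pair:", dict(heavy_pair_split()))
    print("with ports in the hash:", dict(heavy_pair_split(use_ports=True)))
    print("tier 2, same hash:", dict(second_tier_split()))
    print("tier 2, per-device seed:", dict(second_tier_split(tier2_id="sw2")))
```

With an address-only hash and no per-device seed, the busy host pair and the second-tier device each use a single link; adding ports or a device identifier spreads the load while each individual flow still stays on one path.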
 

Author Closing Comment

by:thomasm1948
ID: 40359264
Thank you for all of your help