

CEF load balancing cisco 3750

Posted on 2014-09-30
Medium Priority
Last Modified: 2014-10-03

I am trying to configure CEF for our two gateways (firewalls).  I do see the CEF option, but when I go to the 2 interfaces I do not see ip load-sharing per-destination.

Is there something I am missing?

I plan on configuring 2 routes to the gateways with the same metrics 1 1

Thank you for your help in advance
Question by:thomasm1948

Expert Comment

ID: 40354378
The details are a bit sketchy from your question.  Have you configured CEF already, but not the two default routes?  If you haven't configured the default routes yet, what routes are there currently for the Internet traffic?  If you don't have equal-cost routes in the routing table, you won't see any load-sharing when enabling CEF.

Here's the link to the Cisco Config Guide to explain the process for configuring CEF: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swiprout.html#pgfId-1109701.  Once CEF is enabled, you can check the FIB table by issuing the "show ip cef" command. Your internet routes should have two entries (via the two ISPs), which would be an indication that load-sharing takes place.

If you can post the output of the "show ip cef" command (you can remove any entries for your internal network), we can perhaps tell you what is missing.

Just one more question:  If you say that you do not see ip load-sharing per-destination, how did you check?  What did you expect, and what did you find?

Author Comment

ID: 40354847

I took out all of the internal traffic stuff:          multicast         receive          drop   receive

Ok, so I went through the CEF guide and I do not see all of the commands for CEF on the CISCO 3750.  I know that on the CISCO 3750 CEF is enabled by default and that it can do only per-destination and not per-packet.  CEF is also a global option.

I have not put multiple gateways in as of yet.  So I am unsure how the switch will handle it once I put it in, being that I do not get an interface option for load-sharing.  I do get a load-sharing option under the global config, but I only get the following option:

ASAMC3750STACK(config)#ip cef load-sharing ?
  algorithm  Per-destination load sharing algorithm selection

I did set that for original.

My main issue is that they run VOIP, and if the switch handles the 2 gateways as round robin then there will be occurrences where the switch will have to do packet reformation, and that can cause an issue for VOIP.  That is why I am just confirming the CEF, because I need it to do load-sharing between the two gateways utilizing per-destination so that their VOIP works correctly.

Author Comment

ID: 40354868
forgot to add the following for sh ip cef

Prefix               Next Hop             Interface            Vlan16           receive


Author Comment

ID: 40355140
these are the options that I get under the int for IP

Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface

Accepted Solution

Otto_N earned 2000 total points
ID: 40356874
I think there are a couple of things you need to know.

1. CEF only expedites forwarding, and doesn't change how the packet is handled

CEF ensures fast packet forwarding (at, or close to, the line rate of the interfaces) by pre-calculating the forwarding path and header rewrite information for all entries in the routing table.  So when a packet hits the switch, the switch sends it out the correct port much quicker than with traditional process switching.  But the outgoing packet looks exactly the same, whether it was CEF-switched or process switched.

Your concern regarding VOIP packet reformation (which I do not understand at all) therefore doesn't revolve around the CEF-handling of the packets, but on how the packets will be routed.

2. CEF does per-destination load-balancing BY DEFAULT

CEF was built around the concept of flows (a series of packets between a set of processes on hosts), and forwarding decisions are made per-flow rather than per-packet.  So, if there are two equal-cost paths in the routing table, CEF will ensure that packets in the same flow will be switched in the same way.

The way flows are defined is determined by the algorithm used.  Originally, only source-destination IP addresses were considered.  But this had a couple of drawbacks:
- If most of the traffic was between a small set of source & destination, one of the equal-cost paths would carry the bulk of the traffic, leaving much spare capacity on the other link.
- If you deployed CEF on consecutive layers, the next CEF device uses the same hash-algorithm, which would then switch all traffic it receives from the first switch out of one link, and not load-share between multiple links.

To overcome these drawbacks, the CEF algorithm was changed to add source and/or destination ports as input to the hash algorithm, or a switch identifier, to ensure that traffic is more evenly shared.  However, the principle of consistent flow switching is still maintained.

You can read more about this on the Usage Guidelines of the "ip cef load-sharing algorithm"-command, available on the Cisco Command Lookup Tool (for registered users only...).
I assume that the per-flow switching characteristics of CEF should alleviate your fears regarding the compatibility issues of VOIP with round-robin forwarding - Not being a VOIP expert, I don't have any practical knowledge to assist in this regard.  However, if you need all VOIP packets to only go one route, you can always set up PBR to ensure that it happens.
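
The per-flow behaviour and the two drawbacks described in the answer above, as an added simulation that is not part of the original thread and is not Cisco's code. SHA-256 stands in for the platform's hash, and the addresses, port numbers, device_id values and function names are constructed for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

def pick_path(src, dst, n_paths=2, ports=None, device_id=0):
    """Return the index of the equal-cost path chosen for a flow.

    SHA-256 stands in for the platform's hash (an assumption); device_id
    models the per-switch identifier mentioned in the answer.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    if ports is not None:                      # optional L4 ports as extra input
        key += ports[0].to_bytes(2, "big") + ports[1].to_bytes(2, "big")
    key += device_id.to_bytes(4, "big")
    return hashlib.sha256(key).digest()[0] % n_paths

# Constructed sample traffic: 256 inside hosts talking to one outside address.
HOSTS = [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(256)]
REMOTE = "198.51.100.10"

def voip_stream_paths(packets=500):
    """Every packet of one call (same src/dst) hashes to the same gateway."""
    return {pick_path("10.1.0.20", REMOTE) for _ in range(packets)}

def single_pair_spread(with_ports):
    """One busy src/dst pair, 200 sessions on different source ports."""
    return Counter(
        pick_path("10.1.0.20", REMOTE, ports=(p, 443) if with_ports else None)
        for p in range(40000, 40200))

def second_layer_spread(second_id):
    """Paths chosen by a downstream switch for flows the first switch
    (device_id=0) sent out of its path 0."""
    arriving = [h for h in HOSTS if pick_path(h, REMOTE) == 0]
    return Counter(pick_path(h, REMOTE, device_id=second_id) for h in arriving)

if __name__ == "__main__":
    print("one call uses paths:", voip_stream_paths())
    print("src/dst only:", dict(single_pair_spread(False)))
    print("with ports:  ", dict(single_pair_spread(True)))
    print("2nd layer, same id:     ", dict(second_layer_spread(0)))
    print("2nd layer, different id:", dict(second_layer_spread(7)))
```

With the same identifier on both layers, the second switch sends everything it receives out of a single path; a different identifier lets it use both, while each individual flow still stays on one path.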

Author Closing Comment

ID: 40359264
Thank you for all of your help
