Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
0
Helpful
2
Replies

CEF Problem - Traffic Sharing

cisco_geek
Level 1
Level 1

‎09-11-2014 02:07 AM - edited ‎03-01-2019 02:48 PM 

Hello, 

I have a very strange problem on my ASR-1006 BRAS router. 

This router is having two equal paths toward a P router via IS-IS. The BRAS is seeing the P router over the two paths and the two paths are installed in the RIB and FIB as follows:

bras.asr1#sh ip cef 10.10.10.141 internal 

10.10.10.141/32, epoch 3, RIB[I], refcount 6, per-longest-match-prefix sharing
  sources: RIB, LTE 
  feature space:
   IPRM: 0x00028000
   Broker: linked, distributed at 1st priority
   LFD: 10.10.10.141/32 1 local label
   local label info: global/592
        contains path extension list
        disposition chain 0x7FCE5CB8C440
        label switch chain 0x7FCE5CB82FC0
  ifnums:
   GigabitEthernet0/0/0(8): 172.17.11.9
   GigabitEthernet1/0/0(24): 172.17.11.17
  path 7FCE67248388, path list 7FCE5FF51A40, share 1/1, type attached nexthop, for IPv4
    MPLS short path extensions: MOI flags = 0x0 label implicit-null
  nexthop 172.17.11.9 GigabitEthernet0/0/0, adjacency IP adj out of GigabitEthernet0/0/0, addr 172.17.11.9 7FCE5C406958
  path 7FCE6724B5B8, path list 7FCE5FF51A40, share 1/1, type attached nexthop, for IPv4
    MPLS short path extensions: MOI flags = 0x0 label implicit-null
  nexthop 172.17.11.17 GigabitEthernet1/0/0, adjacency IP adj out of GigabitEthernet1/0/0, addr 172.17.11.17 7FCE5079A540
  output chain: IP adj out of GigabitEthernet0/0/0, addr 172.17.11.9 7FCE5C406958

The problem is, CEF is seeing the two paths equal, but the output chain is only having one exit interface and the traffic is traversing this interface only!

This is the interface config:

bras.asr1#sh run all | sec 0/0/0
interface GigabitEthernet0/0/0
 description "Connected to p1 router"
 mtu 1600
 ip address 172.17.11.10 255.255.255.252
 ip redirects
 ip unreachables
 ip proxy-arp
 ip mtu 1600
 no ip load-sharing per-longest-match-prefix
 ip cef accounting non-recursive internal
 ip router isis
 ip flow monitor adsl input
 ip flow monitor adsl output
 ip pim dr-priority 1
 ip pim query-interval 30
 ip mfib forwarding input
 ip mfib forwarding output
 ip mfib cef input
 ip mfib cef output
 ip route-cache cef
 ip route-cache
 ip split-horizon
 ip igmp last-member-query-interval 1000
 ip igmp last-member-query-count 2
 ip igmp query-max-response-time 10
 ip igmp version 2
 ip igmp query-interval 60
 ip igmp tcn query count 2
 ip igmp tcn query interval 10

interface GigabitEthernet1/0/0
 description " Connected to p1 router"
 mtu 1600
 ip address 172.17.11.18 255.255.255.252
 ip redirects
 ip unreachables
 ip proxy-arp
 ip mtu 1600
 no ip load-sharing per-longest-match-prefix
 ip cef accounting non-recursive internal
 ip router isis
 ip flow monitor adsl input
 ip flow monitor adsl output
 ip pim dr-priority 1
 ip pim query-interval 30
 ip mfib forwarding input
 ip mfib forwarding output
 ip mfib cef input
 ip mfib cef output
 ip route-cache cef
 ip route-cache
 ip split-horizon
 ip igmp last-member-query-interval 1000
 ip igmp last-member-query-count 2
 ip igmp query-max-response-time 10
 ip igmp version 2
 ip igmp query-interval 60
 ip igmp tcn query count 2
 ip igmp tcn query interval 10

So, what do you think?
Labels:
0 Helpful
2 Replies 2

morbfrhtc
Level 1
Level 1

‎09-11-2014 04:27 AM

Hi,

I'm not expert on this matter, so take this only as hint/guess. Few informations, which could help you maybe in resolving this issue->

 

1.I suppose, IP address 10.10.10.141/32 is target host towards which you want to forward traffic.

In that case, suspicious for me is this(excerpt from your output)->

bras.asr1#sh ip cef 10.10.10.141 internal 

10.10.10.141/32, epoch 3, RIB[I], refcount 6, per-longest-match-prefix sharing

and

no ip load-sharing per-longest-match-prefix

configured on uplink interfaces. Maybe this causes your problem.

 

2.I'm not sure about ASR1k6, but on ASR1k2 you cannot(depends on release of IOS) do load-balancing in CEF using MPLS labels(only without or using VLAN-tag), so if traffic is exiting via uplink port via label-switching, traffic is forwarded only via one of interfaces in output direction(in opposite direction load-balancing could work OK, 'cause P routers , e.g. Cisco7k6 and higher models usually do this without problem). This is from real-life experience :o). Maybe you should investigate if ASR1k6 supports load-balancing using mpls labels. This kind of info is probably available in cisco documentation(for ASR1k2 it is).

 

I hope that at least I have guided you into right direction.

 

Best regard

0 Helpful

cisco_geek
Level 1
Level 1
In response to morbfrhtc

‎09-11-2014 05:59 AM

Hello,

Thank you morbfrhtc,

But I guess that the problem is not related to the MPLS labels right now, it's highly expected to be related to why CEF didn't include all the exiting interface into its hashing algorithm and built its bucket accordingly.

Moreover, as far as I know, CEF can do load sharing between label-switched interface based upon the position of the router, for example, if the router is at the ingress edge, so the router can do load sharing across multiple equal cost labeled paths based upon the source and destination IP adresses for l3vpn and l2vpn.

However, if the router is a P router, it can still load balance your traffic based upon the inner label.

Regards

0 Helpful
Customers Also Viewed These Support Documents