Re: IP CEF - Page 2

xbaha12345 · ‎04-20-2007

hello

I am trying to debug why my load balancing is not giving me a 100% of the bandwidth, i tried few commands, if some one please explain what they mean and if there is something wrong in their output:

Router#sh cef not-cef

CEF Packets passed on to next switching layer

Slot No_adj No_encap Unsupp'ted Redirect Receive Options Access Frag

RP 1231 0 3687843 13 290906 0 0 0

Router#sh cef drop

CEF Drop Statistics

Slot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_Err

RP 7308 0 0 6 0 0

#sh ip cef receive

Apr 21 00:57:54.663: CEF-Receive: Packet for 65.55.251.108 -- unsupported featur

e

Apr 21 00:57:54.663: CEF-Receive: Not supported for 208.98.1.46 thru Dialer5 - r

eceive

Apr 21 00:57:54.663: CEF-Receive: Packet for 208.98.1.46 -- unsupported feature

Apr 21 00:57:54.663: CEF-Receive: Not supported for 208.98.1.46 thru Dialer5 - r

eceive

Apr 21 00:57:54.663: CEF-Receive: Packet for 208.98.1.46 -- unsupported feature

Apr 21 00:57:54.663: CEF-Receive: Not supported for 209.73.166.140 thru Dialer2

- receive

paolo bevilacqua · ‎04-23-2007

So why don't you try "no ip cef".

It's few hundreds of PPS after all, and the router should be able with that with fast-switching without a problem.

mohammedmahmoud · ‎04-23-2007

Hi Baha,

Your MTU and adjust-mss values are the recommended values, like Paolo said why don't you disable CEF and we shall see what happens then, according to the router performance sheet there is merely any performance difference between CEF and Fast Switching (your CPU might increase a little bit):

http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf

BR,

Mohammed Mahmoud.

mounir.mohamed · ‎04-24-2007

Why not use virtual-template instead of the dialer interface.

xbaha12345 · ‎04-24-2007

Hi,

could you post me a sample config on how to use a virtual template?

also, i tried removing #no ip cef

and will post results in 24 hours.

thanks.

mounir.mohamed · ‎04-24-2007

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 1

!

interface ATM0/2/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc DSL 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 2

!

interface ATM0/3/0

bandwidth 1088

no ip address

logging event atm pvc state

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 3

!

interface ATM3/0/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 4

interface Virtual-Template10

ip address x.x.x.x x.x.x.x

ppp multilink

ppp multilink fragment delay 10

ppp multilink interleave

IP nat outside

Note that the IP address should be configured on the Virtual-Template10 then only one default route pointing on the next-hop address.

Also currently no need for route-maps (IF all links belong to the same ISP)because the traffic received on the Giga interfaces will follow the default route, But if you need to only NAT specific local hosts use the route-map but note that no need to match on the outgoing interface the route-map can only match on the IP address and begin NAT it IF the destination the host trying to reach is reachable through the outside nat interface.

Please rate helpful posts.

Best Regards,

Mounir Mohamed

xbaha12345 · ‎04-25-2007

Hello Mr Mounir,

isnt there supposed to be a user name / password in the virtual template to authenticate me?

also, i'll be using one IP address for all my four links, is that right?

ill be using the same ISP, so the route shouls look like:

#route 0.0.0.0 0.0.0.0 (NEXT_HOP_IP) ?

finally for natting, since i am using the same ISP as you said i wont be needing route_map any more.

but i will be natting my local IPs on the ip address of the Virtual-Template10 .

let me know very excited to implement this config!

thanks.

mounir.mohamed · ‎04-25-2007

Hi Baha,

Point 1 (virtual template to authenticate):

It's optional but no needs for authentication because it's point to point link, but if you care all you need to do it under the virtual template only add ppp authentication pap or chap and specifiy the AAA group or use the default AAA PPP profile.

Point 2 (Link IP address):

yes only one IP will be assigned to the virtual template, because all ATM interface considered as one link which presented by the virtual template.

Point 3 (Routing):

Yes only one default route should be pointing to the next-hop

Point 4 (NAT):

Yes you do not have to use route-map any more the below lines will be enough:

NAT Config:

ip nat inside source list 1 interface virtual template 10 overload

access-list 1 permit 1.1.1.1

access-list 1 permit 1.1.1.5 and so on

Let me know if you have any problem with such config.

Please Rate helpful posts.

Best Regards,

Mounir Mohamed

xbaha12345 · ‎04-26-2007

hello Mounir,

i am trying as a test to configure a virtual template on 2 lines befor i do it on all the lines, just to make sure there is nothing wrong.

so i started without giving IP address:

!

interface Virtual-Template10

ip address negotiated

ip nat outside

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xx password x

ppp multilink

ppp multilink fragment delay 10

ppp multilink interleave

!

i will get an ip address soon, but this is only for test purpose, it seemed there was no connectivity, is this normal, shall i proceede?

here is the output of the debug ppp nego:

Apr 27 05:08:38.560: ppp437 LCP: Failed to negotiate with peer

Apr 27 05:08:38.560: ppp437 PPP: Sending Acct Event[Down] id[1AF]

Apr 27 05:08:38.560: ppp437 LCP: State is Closed

Apr 27 05:08:38.560: ppp437 PPP: Phase is DOWN

Apr 27 05:08:38.560: ppp437 PPP: Send Message[Disconnect]

Apr 27 05:08:39.488: ppp438 PPP: Send Message[Dynamic Bind Response]

Apr 27 05:08:39.488: ppp438 PPP: Using default call direction

Apr 27 05:08:39.488: ppp438 PPP: Treating connection as a dedicated line

Apr 27 05:08:39.488: ppp438 PPP: Session handle[530001BB] Session id[438]

Apr 27 05:08:39.488: ppp438 PPP: Phase is ESTABLISHING, Active Open

Apr 27 05:08:39.488: ppp438 LCP: O CONFREQ [Closed] id 1 len 36

Apr 27 05:08:39.488: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.488: ppp438 LCP: MagicNumber 0x1875BDC4 (0x05061875BDC4)

Apr 27 05:08:39.488: ppp438 LCP: MRRU 1524 (0x110405F4)

Apr 27 05:08:39.488: ppp438 LCP: EndpointDisc 1 KAMC_NahdiTabuk

Apr 27 05:08:39.488: ppp438 LCP: (0x1312014B414D435F4E61686469546162)

Apr 27 05:08:39.488: ppp438 LCP: (0x756B)

Apr 27 05:08:39.508: ppp438 LCP: I CONFREJ [REQsent] id 1 len 30

Apr 27 05:08:39.508: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.508: ppp438 LCP: MRRU 1524 (0x110405F4)

Apr 27 05:08:39.508: ppp438 LCP: EndpointDisc 1 KAMC_NahdiTabuk

Apr 27 05:08:39.508: ppp438 LCP: (0x1312014B414D435F4E61686469546162)

Apr 27 05:08:39.508: ppp438 LCP: (0x756B)

Apr 27 05:08:39.508: ppp438 LCP: O CONFREQ [REQsent] id 2 len 14

Apr 27 05:08:39.508: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.508: ppp438 LCP: MagicNumber 0x1875BDC4 (0x05061875BDC4)