Solved: Maximum router CEF capacity

Nigrofasciatum · ‎05-09-2012

I have a 1721 router with 3 equal routes to 0.0.0.0, using CEF for load balancing with universal load balancing algorithm. It doesn`t NAT, just routing. I wonder which is the maximum capacity of the router, since it should support up to 40000 connections to different destination IP. Is the limit set by the router resources (CPU, memory, ...) or a maximum limit of entries in the table FIB / RIB?

Thanks

Giuseppe Larosa · ‎05-10-2012

Hello Nigrofasciatum,

the network diagram helps to understand your network scenario.

If for load balacing you mean that you have three default static routes, the bottleneck of your solution is the packet forwarding performance of the C1721 as I said in my previous post.

The reason is that CEF tables are populated by topology not by the number of flows seen in the network.

CEF is topology based and not traffic based.

So the CEF table of C1721 contains only 3 entries one for each default route and one entry for each internal network.

CEF load balancing is achieved by performing a binary math operation on IP source address and IP destination address of the packet. ( bit binary EXOR of the 3 less significant bits of IP SA and IP DA in this case, there is also a seed hash, that is an internal value that does not change until the router reloads) This operation provides an index that is used to choice one next-hop.

It does not require to store the choice in any table, this operation is performed on the fly as part of packet forwarding.

The forwarding capacity of a C1721 may be not enough for 200 hosts.

A C1721 with CEF is capable of 12000 pps (packet per second) for roughly 6,14 Mbps of traffic aggregate and it is also in End of Support.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎05-09-2012

Hello Nigrofasciatum,

unless you are using CBAC or other firewall features there is no session concept on the router and its performance are measured in packets per second = forwarding capacity.

This is not related to CEF table size but simply to cpu raw power for a SW based router like C1721.

if you have 3 default routes you just have three CEF entries, then the load balancing algorithm choices a path for a given flow (defined by its source IP and destination IP).

Hope to help

Giuseppe

Nigrofasciatum · ‎05-10-2012

I think I don´t explained well. The design I trying to make is like the scheme. I want to support up to 200 machines behind the firewall making heavy use of the Internet, so I estimated about 200 computers to make requests to 200 Internet IP addresses each one.

There is only one source IP (the firewall), and 1721 router would balance the load solely on the basis of the destination IP (CEF per-destination load-balancing algorithm). With CEF the router maintains the same route for all requests to the same destination IP, storing that IP in FIB table, no? I don´t know the operation of CEF well, but I wondered if that table has a limit.

http://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html

The solution is currently running, but I know where I would be the limit (memory, CPU, capacity tables,...)

Giuseppe Larosa · ‎05-10-2012

Hello Nigrofasciatum,

the network diagram helps to understand your network scenario.

If for load balacing you mean that you have three default static routes, the bottleneck of your solution is the packet forwarding performance of the C1721 as I said in my previous post.

The reason is that CEF tables are populated by topology not by the number of flows seen in the network.

CEF is topology based and not traffic based.

So the CEF table of C1721 contains only 3 entries one for each default route and one entry for each internal network.

CEF load balancing is achieved by performing a binary math operation on IP source address and IP destination address of the packet. ( bit binary EXOR of the 3 less significant bits of IP SA and IP DA in this case, there is also a seed hash, that is an internal value that does not change until the router reloads) This operation provides an index that is used to choice one next-hop.

It does not require to store the choice in any table, this operation is performed on the fly as part of packet forwarding.

The forwarding capacity of a C1721 may be not enough for 200 hosts.

A C1721 with CEF is capable of 12000 pps (packet per second) for roughly 6,14 Mbps of traffic aggregate and it is also in End of Support.

Hope to help

Giuseppe

Nigrofasciatum · ‎05-10-2012

Thanks for the reply. The truth is that the current shceme is a test scenario with a 1721 router, but I can introduce routers Cisco 887 or 891 if the design is feasible. What is the capacity of these routers in pps? Where I can get that information? How have you calculated the ratio pps / Mbps? Thanks again.

Joseph W. Doherty · ‎05-10-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

Joseph W. Doherty · ‎05-10-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

It's likely there's an actual limit, but if so, it's also likely to be rather "large" as I've used CEF when working with the full Internet route table (including working with two Internet peers - also including using ISRs).

Perhaps you're thinking CEF resource usage is tied to flows transiting the router, i.e. sort of like a Netflow cache. As far as I known, CEF resource usage is tied to the size of your route table and is independent of actual number of active flows. It's more like Etherchannel where it will hash a flow's attributes to select a CEF path.

In your case if you only have 3 static default routes, CEF should mirror those. CEF should not encounter any kind of resource limit on your 1721 in this instance.

paolo bevilacqua · ‎05-09-2012

1721 and 40K "connections" ???

But the you hust have three default routes.

What are you talking about ?