Traceroute and show ip cef exact route confusion

Pahee Nagulan
Level 1

Please check out the attached network diagram for more info.

We have a Layer 3 switch and ip cef is enabled (default load-sharing per-destination) on all the interfaces in that Layer 3 switch. We have 2 equal cost paths to the default routes. (One points to 10.124.66.2 and the other one points to 10.124.66.10.) Here is the result of the "show ip route 0.0.0.0" command on the Layer 3 switch.

 

Layer3switch1#show ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "ospf 1", distance 110, metric 1, candidate default path
Tag 1, type extern 2, forward metric 20
Last update from 10.124.66.2 on Vlan201, 5d05h ago
Routing Descriptor Blocks:
* 10.124.66.10, from 10.124.67.11, 6d03h ago, via Vlan301
Route metric is 1, traffic share count is 1
Route tag 1
10.124.66.2, from 10.124.67.10, 5d05h ago, via Vlan201
Route metric is 1, traffic share count is 1
Route tag 1

 

We have a host that is connected to the Layer3 switch off of another switch. I was curious to see the path the packets take when I ping 8.8.8.8 from the host. Before I do that, I'm going to issue the command "show ip cef exact-route" to see the path the Layer3switch shows.

Here is the result:

Layer3switch#show ip cef exact-route 10.124.68.245 8.8.8.8
10.124.68.245 -> 8.8.8.8 =>IP adj out of Vlan201, addr 10.124.66.2

 

But when I ran the command tracert from the host, it's always taking the path pointing to 10.124.66.10. Why is that? I thought since CEF is doing per-destination load-sharing, it should take the path through 10.124.66.2? What am I missing?

 

Experts, thank you for your time.

 

 

 

 

 


Martin L
VIP

 

3 things come to mind with CEF and/or equal paths to destination.

Per Cisco documentation, packets for a given source-destination pair are guaranteed to take the same path, even if multiple paths are available.

Cisco CEF settings and rules apply to forwarding traffic. In other words, CEF applies to "routed" packets as they move via the router. So, you cannot look at the CEF table or follow the CEF table for packets that are sourced and/or destined by the router itself (doing CEF).

Some packets must be "software processed", where CEF does not apply even if those are "passing thru". Ping and Traceroute packets are not being processed by CEF but by the router CPU. Similarly, anything that must be inspected by an ACL or any other filter(s) also skips the "rule of CEF" and goes via the CPU, software-processed.

 

Regards, ML
**Please Rate All Helpful Responses**

 

 

 

 

Thanks Martin. That makes sense. When the router performs "software processing", does that look solely at the routing table for packet forwarding? Does the router have a load-sharing algorithm when performing "software processing" if there are equal cost paths? When I did a tracert from the host, it always took the path via 10.124.66.10, but when I performed the traceroute from the layer3router itself, it took both paths (10.124.66.10 and 10.124.66.2).

What you are describing about traceroute from the layer3router and from a connected host is the expected behavior. When the layer3router generates a traceroute request it will alternate between the available paths to the destination. When the layer3router receives a packet from a connected device and there are multiple paths toward the destination the layer3router will perform a hash calculation using the source/destination address pair and depending on the results of the calculation will choose one of the paths. So the same source to the same destination will always use the same path.

HTH

Rick
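
The two behaviours described in the replies above, as an added example that is not part of the original thread and is not Cisco's code: it parses the equal-cost next hops from the `show ip route` output quoted in the question, then models transit traffic (hash of the source/destination pair) and router-originated probes (alternating paths). The function names are hypothetical and SHA-256 is only a stand-in for the device's hash, so the model shows that a flow stays on one path, not which next hop a real switch selects.

```python
import hashlib
import ipaddress
import itertools
import re

# Constructed sample: the Routing Descriptor Blocks quoted in the question.
SHOW_IP_ROUTE = """\
Routing Descriptor Blocks:
* 10.124.66.10, from 10.124.67.11, 6d03h ago, via Vlan301
Route metric is 1, traffic share count is 1
10.124.66.2, from 10.124.67.10, 5d05h ago, via Vlan201
Route metric is 1, traffic share count is 1
"""

def parse_next_hops(text):
    """Return [(next_hop, interface)] from 'show ip route' descriptor blocks."""
    pat = re.compile(
        r"^\*?[ \t]*(\d+\.\d+\.\d+\.\d+), from \S+, .*via (\S+)$", re.M)
    return pat.findall(text)

def per_destination_path(src, dst, paths):
    """Transit traffic: map the source/destination pair onto one path.
    Assumption: SHA-256 stands in for the hash; it is not what the device uses."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return paths[bucket % len(paths)]

def host_traceroute(src, dst, paths, probes=6):
    """Every probe of a host traceroute carries the same address pair,
    so every probe lands on the same equal-cost path."""
    return [per_destination_path(src, dst, paths) for _ in range(probes)]

def router_originated_paths(paths, probes):
    """Router-sourced probes, modelled as alternating between the paths
    (as described in the reply above)."""
    return list(itertools.islice(itertools.cycle(paths), probes))

if __name__ == "__main__":
    hops = parse_next_hops(SHOW_IP_ROUTE)
    print("equal-cost paths:", hops)
    print("host probes     :", host_traceroute("10.124.68.245", "8.8.8.8", hops))
    print("router probes   :", router_originated_paths(hops, 4))
```
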

Pahee Nagulan
Level 1

Thank you @Martin L and @Richard Burts for taking your time to answer my question. Appreciate it!

You are welcome. I am glad that our explanations were helpful.  Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick