
cef question

Status
Not open for further replies.

ipothos

Technical User
Mar 7, 2007
52
GR
I have a Cisco 1841 router in which I have enabled CEF (Cisco Express Forwarding).

I realized that I had network problems with other servers in the same network (for example, the email server was too slow). When I disabled CEF these problems stopped.

Is there a relation between CEF and the network problems I had?

Can anyone help me?
 
If you are in the same network, i.e. subnet, as the servers then you don't traverse the router. Hence CEF would have no effect.
 
Seems like the email server would go through the router...please post a config, as well as the IP address of the email server (considering that it is a private IP---if it has a public, of course do not post that)...

Burt
 
This is the configuration. The IP of the email server belongs to the 10.1.2.x network.





version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
logging count
logging buffered 51200 warnings
logging monitor informational
enable password xxxx
!
no aaa new-model
!
resource policy
!
no ip cef
!
!
!


crypto pki trustpoint TP-self-signed-789589337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-789589337
revocation-check none
rsakeypair TP-self-signed-789589337
!
!
crypto pki certificate chain TP-self-signed-789589337
certificate self-signed 01
quit
username xxxx password 0 xxxx

interface FastEthernet0/1
ip address 10.1.2.68 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay IETF
no fair-queue
!
interface Serial0/0/0.1 point-to-point
backup delay 10 5
backup interface BRI0/1/0
ip unnumbered FastEthernet0/1
frame-relay interface-dlci 16
!
ip route 10.1.2.0 255.255.255.0 FastEthernet0/1
ip route 10.100.51.0 255.255.255.0 Serial0/0/0.1
ip route 10.100.80.0 255.255.255.0 Serial0/0/0.1
!
no ip http server
no ip http secure-server
!
!
line con 0
line aux 0
line vty 0 4
password xxxx
login
transport input telnet
 
Are you saying that when you are on the 10.1.2.x network the server is slow?
 
I think this might be your issue:
Code:
ip route 10.1.2.0 255.255.255.0 FastEthernet0/1
ip route 10.100.51.0 255.255.255.0 Serial0/0/0.1
ip route 10.100.80.0 255.255.255.0 Serial0/0/0.1

Why are you not specifying a next-hop in the static route statements? I am not sure how CEF will deal with this.

Andy
 
Specifying the actual interface is a better metric than specifying the ip address
 
But cef will treat the static routes to express-forward packets to an interface that is in the router...so, would Andy be correct in assuming that a next-hop defined static route would be better? Besides, wouldn't they be equal metrics, both being directly connected?

Burt
 
IDK about your CEF problem, but someone correct me if I'm wrong....the ip route 10.1.2.0 is useless because it's directly connected. There's no need to include it.

Maybe that's confusing CEF idk.

You use IP route statements to route off your router, not to directly connected networks.

I'd assume it has something to do w/the ip unnumbered statement and your ip route commands.
 

ip route 10.1.2.0 255.255.255.0 FastEthernet0/1

It is best practice to point static routes across Ethernet interfaces to the next hop IP address to avoid ARP lookups.

Found this while troubleshooting an issue and as soon as this was changed to the next hop IP, no issues were seen. We thought we found a "bug" since the config had already been looked at by Cisco. We asked what the difference was with the two routes (interface vs IP) as they both seemed valid and we were advised that it's always best practice to use IPs over multi-access interfaces as if there is no Proxy ARP, there will be no adjacency formed to update the CEF tables.

You could also use both the interface and the IP in the same line to accomplish the same thing.

ip route 10.1.2.0 255.255.255.0 FastEthernet0/1 123.123.123.123

This may not be your issue but it's good information to have if you're working on a static to an Ethernet interface and it's not working (especially default routes).

Interface is indeed a better metric. I'd be interested in seeing what the metric is for the route I provided (both interface and IP present). I'd hope it to be the same as one pointing to an interface with the IP there just to avoid lookups.

 
This was from a month ago.

My argument was that since:

interface FastEthernet0/1
ip address 10.1.2.68 255.255.255.0
duplex auto
speed auto

was already in the config, being a 10.1.2.x network.

There was no need to have the ip route 10.1.2.x route statement since it was directly connected already.

The network would already be in the routing table as:

C 10.1.2.0 is directly connected, FastEthernet 0/1

There's no need to include an ip route statement.

Maybe I'm not understanding what you're saying, but your ip route statement would look like this, in the config:

ip route 10.1.2.0 255.255.255.0 FastEthernet0/1 10.1.2.68

and that doesn't make any sense. The logic would be: I want to route the directly connected 10.1.2.0 network out the fa0/1 interface of 10.1.2.68 on the same directly connected network. huh?!?!
 
He's directing the traffic from the directly connected interface LAN traffic out to the fa0/1 interface, and to the next hop all in one statement. I have also heard this is good, as the next hop is always better, you'll still have the ARP lookups---with the fa0/1 in there, there won't be any.
This however I thought was good practice with default routes (0.0.0.0 0.0.0.0), and not this example. I agree, that the directly connected IP address should be replaced with 0.0.0.0 0.0.0.0

Burt
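
Added example, not part of any poster's reply: a small Python audit that flags the two static-route patterns debated in this thread, a route whose prefix is already directly connected and an interface-only route on an Ethernet interface with no next-hop IP. The sample config is constructed from the interface and route lines posted above; the function names and the multi-access prefix list are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: interface and static-route lines from the config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 10.1.2.68 255.255.255.0
interface Serial0/0/0.1 point-to-point
 ip unnumbered FastEthernet0/1
ip route 10.1.2.0 255.255.255.0 FastEthernet0/1
ip route 10.100.51.0 255.255.255.0 Serial0/0/0.1
ip route 10.100.80.0 255.255.255.0 Serial0/0/0.1
"""

# Assumption: interface names with these prefixes are multi-access (Ethernet) media.
MULTI_ACCESS = ("Ethernet", "FastEthernet", "GigabitEthernet")
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\S+))?")
IP_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")

def connected_networks(config):
    """Map interface name -> network derived from its 'ip address' line."""
    nets, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        m = re.match(r"^\s*ip address (\d\S+) (\d\S+)", line)
        if m and current:
            nets[current] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return nets

def audit_static_routes(config):
    """Return (route line, finding) pairs for the two issues raised in the thread."""
    nets, findings = connected_networks(config), []
    for line in config.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        prefix = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        target, extra = m[3], m[4]
        if prefix in nets.values():
            findings.append((line, "redundant: prefix is already directly connected"))
        # An interface followed by an IP (the combined form) counts as having a next hop.
        has_hop = bool(extra and IP_RE.fullmatch(extra))
        if target.startswith(MULTI_ACCESS) and not has_hop:
            findings.append((line, "interface-only route on multi-access interface: no next-hop IP"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_static_routes(SAMPLE_CONFIG):
        print(f"{line}\n  -> {finding}")
```

Routes that point at the point-to-point serial subinterface are not flagged, since the next-hop advice quoted in the thread concerns multi-access interfaces.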
 