SUP720: GRE traffic which is not processed in CEF

Unanswered Question
Jan 11th, 2008


we have some problem with GRE traffic which is processed by CPU and not by CEF.

In sniffed packets I can see a lot of "TCP window update" packets.

I found that some kind of GRE traffic are forwarded to CPU, like packets with IP options or TTL=0 but non of those are seen in the sniffed packets.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Konstantin Dunaev Mon, 01/14/2008 - 08:35


I think I found it.

we use the PBR for forwarding ome traffic (with private IP addresses) via GRE tunnel and what I found:


The Policy Feature Card (PFC) and any Distributed Feature Cards (DFCs) provide hardware support for policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords.

When configuring PBR, follow these guidelines and restrictions:

-The PFC provides hardware support for PBR configured on a tunnel interface.

-The PFC does not provide hardware support for PBR configured with the set ip next-hop keywords if the next hop is a tunnel interface.


it seems that the CPU load was not caused by GRE traffic itself, but it was caused by PBR process which forward the traffic to the GRE tunnel.

I'd be appreciate if somebody could confirm this or explain in more details.


This Discussion