Strange CEF load-sharing issue

Unanswered Question
Feb 1st, 2008

Hi everyone,


I've been fighting the whole day with some crazy customer requirements. Everything worked except the simplest thing (or at least I'm not satisfied with the results) - I have two ISPs and I have to do load-balancing with static routes and failover through SLA monitoring. Regular stuff, have done it already a couple of times. Here's the interesting part of the config:


ip route 0.0.0.0 0.0.0.0 FastEthernet0 192.168.1.1 track 1

ip route 0.0.0.0 0.0.0.0 FastEthernet1 X.X.X.X track 2


ip route 194.145.63.12 255.255.255.255 FastEthernet0 192.168.1.1 name http://www.dir.bg

ip route 194.153.145.104 255.255.255.255 FastEthernet1 X.X.X.X name http://www.abv.bg

//These two are used for SLA monitoring purposes


ip nat inside source route-map XXX interface FastEthernet1 overload

ip nat inside source route-map YYY interface FastEthernet0 overload


ip access-list extended LAN

deny ip 192.168.0.0 0.0.0.255 193.168.3.0 0.0.0.255

deny ip 192.168.3.0 0.0.0.255 193.168.0.0 0.0.0.255

permit ip 192.168.0.0 0.0.0.255 any

permit ip 192.168.3.0 0.0.0.255 any

//Had to exclude some local traffic from NAT


ip sla 1

icmp-echo 194.153.145.104

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 194.145.63.12

ip sla schedule 2 life forever start-time now


route-map YYY permit 10

match ip address LAN

match interface FastEthernet0

route-map XXX permit 10

match ip address LAN

match interface FastEthernet1


track 1 rtr 1

track 2 rtr 2


Everything looks fine with that config to me. Anyway, the show ip route output constantly has an asterisk next to the same next hop. Then, at some moment in time it changes to the other next hop/interface. I generated a couple of pings and traces from the router - no change in the current next-hop used. Anyway, I got really nervous and enabled CEF accounting to see what's going on and here are the results:


MDL#sh ip cef f0 detail


0.0.0.0/0, version 289, epoch 0, per-destination sharing

2298 packets, 245075 bytes

via 192.168.1.1, FastEthernet0, 0 dependencies

traffic share 1

next hop 192.168.1.1, FastEthernet0

valid adjacency

2298 packets, 245075 bytes switched through the prefix

tmstats: external 0 packets, 0 bytes

internal 2298 packets, 245075 bytes

30 second output rate 1 Kbits/sec


MDL#sh ip cef f1 detail

0.0.0.0/0, version 289, epoch 0, per-destination sharing

2145 packets, 229322 bytes

via X.X.X.X, FastEthernet1, 0 dependencies

traffic share 1

next hop X.X.X.X, FastEthernet1

valid adjacency

2145 packets, 229322 bytes switched through the prefix

tmstats: external 0 packets, 0 bytes

internal 2145 packets, 229322 bytes

30 second output rate 0 Kbits/sec


The counters increment constantly at the same rate for both interfaces for the default route so I finally found out that the packet/byte counts are exactly the same for the two interfaces/next hops. I don't know if that's a bug or a feature but doesn't look proper to me:)


I think that the route-map, the SLA monitoring, Enhanced Object Tracking and the static routes are configured correctly, only the output of show ip route 0.0.0.0 0.0.0.0 bothers me, I'm pretty sure it should be changing constantly as the network is in production and traffic is continuously generated there. Any idea?

thegrave2000 Fri, 02/01/2008 - 12:56

Can't put that into the same message so...I also tried the show ip cef exact-route command and here's what I got:


sh ip cef exact-route 1.1.1.1 2.2.2.2

1.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 2.1.1.1 2.2.2.2

2.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.1.1.1 2.2.2.2

4.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.1.1.1 5.2.2.2

4.1.1.1 -> 5.2.2.2 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.1.1.1 5.2.5.2

4.1.1.1 -> 5.2.5.2 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.5.1.1 5.2.5.2

4.5.1.1 -> 5.2.5.2 : FastEthernet0 (next hop 192.168.1.1)

MDL#sh ip cef exact-route 4.5.1.1 5.2.5.1

4.5.1.1 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.5.3.1 5.2.5.1

4.5.3.1 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 4.5.3.2 5.2.5.1

4.5.3.2 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 10.5.3.2 5.2.5.1

10.5.3.2 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 10.5.3.2 10.2.5.1

10.5.3.2 -> 10.2.5.1 : FastEthernet1 (next hop X.X.X.X)

MDL#sh ip cef exact-route 10.5.3.2 10.10.5.1

10.5.3.2 -> 10.10.5.1 : FastEthernet0 (next hop 192.168.1.1)


It looks like the per-destination load-sharing should be working but I'm still not completely sure about that. Is that the correct validation method, or should the show ip route 0.0.0.0 0.0.0.0 output also change?
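Added example, not part of the original posts: a short Python script that tallies pasted show ip cef exact-route output per egress interface and flags any source/destination pair reported on more than one path, which per-destination sharing should not produce while the set of paths is unchanged. The function names are hypothetical; the sample lines are copied from the post above.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the post above; the echoed command line is ignored.
SAMPLE = """\
sh ip cef exact-route 1.1.1.1 2.2.2.2
1.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)
2.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)
4.1.1.1 -> 2.2.2.2 : FastEthernet1 (next hop X.X.X.X)
4.1.1.1 -> 5.2.2.2 : FastEthernet1 (next hop X.X.X.X)
4.1.1.1 -> 5.2.5.2 : FastEthernet1 (next hop X.X.X.X)
4.5.1.1 -> 5.2.5.2 : FastEthernet0 (next hop 192.168.1.1)
4.5.1.1 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)
4.5.3.1 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)
4.5.3.2 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)
10.5.3.2 -> 5.2.5.1 : FastEthernet1 (next hop X.X.X.X)
10.5.3.2 -> 10.2.5.1 : FastEthernet1 (next hop X.X.X.X)
10.5.3.2 -> 10.10.5.1 : FastEthernet0 (next hop 192.168.1.1)
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROUTE_RE = re.compile(rf"^{IP}\s*->\s*{IP}\s*:\s*(\S+)\s*\(next hop ([^)]+)\)$")

def parse_exact_route(text):
    """Map each (src, dst) pair to the set of (interface, next hop) reported."""
    flows = defaultdict(set)
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:  # prompts, echoed commands and blank lines do not match
            src, dst, intf, next_hop = m.groups()
            flows[(src, dst)].add((intf, next_hop))
    return dict(flows)

def path_share(flows):
    """Return (flows per interface, pairs that were seen on more than one path)."""
    per_intf, unstable = Counter(), []
    for pair, paths in sorted(flows.items()):
        if len(paths) > 1:
            unstable.append(pair)
        for intf, _ in paths:
            per_intf[intf] += 1
    return dict(per_intf), unstable

if __name__ == "__main__":
    share, unstable = path_share(parse_exact_route(SAMPLE))
    print("flows per interface:", share)
    print("pairs seen on more than one path:", unstable)
```

The script only summarises what the router reports for the pairs that were queried; it does not model the CEF hash itself.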
