What I have read:
For routing basics:
Route Selection in Cisco Routers.pdf
Configuring Cisco Express Forwarding - CEF.pdf
For LB basics:
How Does Load Balancing Work.pdf
Load Balancing with CEF.pdf
The main ideas, as I understand:
1. As soon as a router has 2 (up to 6) routes to the same destination (host or subnet) with the same metric it begins to use Load Balancing.
2. There are 2 ways of LB: per packet and per destination. The first is clear; the second means all traffic/sessions to the same host will go via one and always the same line.
3. LB also depends on the switching mode: FastS (destination based), ProcessS (per packet) or CEF/dCEF (support both). As I understand, the difference is in the way destination-based LB works: in CEF mode, lines are balanced not just by destination but by the pair [source ip - dest ip], unlike FS, which sends traffic from any source to the same destination via the same line.
4. Recently, CEF mode is used by default on most routers (using the latest IOS versions), and destination-based LB is activated by default (it is less heavy for the router's CPU and memory, but potentially less effective. The latter depends on the number of destinations used and the equality of data flows: the more there are, the more effective LB is).
Are these statements correct? If not, please comment on the mistakes.
Now my questions (the ones I remember, later I may ask some more):
1. In case of destination-based LB, if we have routes to a whole subnet and we have traffic to 2 hosts from that subnet, do we get LB, or would any host within the same subnet be treated as the same destination?
>> I have read that CEF is not applied to encrypted traffic. Meanwhile, almost all my traffic is encrypted (as it is traffic from branches to head office via public networks); we use DMVPN (as I understand, GRE + IPSec; routing is done via OSPF over GRE).
The GRE tunnel is still an interface. I would say this is IOS version dependent, as CEF support for DMVPN has been introduced at some point.
The right tool is Feature Navigator:
search by feature: DMVPN
There is a feature called
Next Hop Resolution Protocol (NHRP) - CEF rewrite for DMVPN Phase 3 Networks
Also, the DMVPN solution reference design guide can be of help.
You may need to implement DMVPN phase 3 with NHRP next-hop CEF rewrite, which means a different way to configure routing over the DMVPN.
In other words, this is something that should be tested. In theory, given the presence of the tunnel interfaces (the mGRE tunnel), there is a potential for CEF switching with the appropriate configuration (probably DMVPN phase 3) and IOS images on the devices.
Encryption is performed later, after the exit tunnel interface has been chosen.
Hope to help
1) See my post about sh ip cef exact-route: it demonstrates that CEF is able to use load balancing towards different hosts in the same FEC/IP subnet.
2) XOR of IP addresses' less significant bits only: there is no use of Layer 4 TCP or UDP ports; CEF stays at OSI layer 3.
3) With OSPF you can only have equal-cost paths.
In order to make a 2:1 ratio you need to configure the faster link as two logical links, and OSPF will be able to see three equal-cost paths.
The logical links can be used if:
a) the interface is serial, you use frame-relay encapsulation and you define two FR subinterfaces on the faster link
b) the interface is Ethernet and you define two VLAN-based subinterfaces
All three logical links will need to have the same OSPF cost; this can be adjusted with ip ospf cost xx or the bandwidth command.
If a) or b) are feasible you can use OSPF; otherwise you need to move to EIGRP and use variance with it (EIGRP specific).
Hope to help
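
Added example, not part of the thread and not Cisco's code: a simplified Python model of the per-destination load sharing described in the reply above (XOR of the low-order bits of source and destination address, layer 3 only), applied to the three equal-cost logical paths from point 3. The 4-bit hash width, the interface names and the addresses are assumptions made for illustration; the real CEF hash is implementation-specific.

```python
import ipaddress
from collections import Counter

HASH_BITS = 4  # assumption: the model keeps only the 4 low-order bits


def flow_hash(src, dst):
    """XOR the low-order bits of source and destination IPv4 addresses.

    Layer 3 only: no TCP/UDP ports are involved, as stated in the reply.
    """
    mask = (1 << HASH_BITS) - 1
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    return (s ^ d) & mask


def pick_path(src, dst, paths):
    """Choose one of the equal-cost paths for a source/destination pair."""
    return paths[flow_hash(src, dst) % len(paths)]


def physical_load(flows, paths, physical_of):
    """Count flows per physical link when logical paths share a link."""
    return Counter(physical_of[pick_path(s, d, paths)] for s, d in flows)


# Constructed topology: the faster link carries two VLAN subinterfaces,
# so OSPF sees three equal-cost paths (interface names are hypothetical).
PATHS = ["Gi0/0.10", "Gi0/0.20", "Se0/0"]
PHYSICAL_OF = {"Gi0/0.10": "Gi0/0", "Gi0/0.20": "Gi0/0", "Se0/0": "Se0/0"}

# Constructed flows: 16 branch hosts talking to 16 head-office hosts.
FLOWS = [(f"10.1.1.{s}", f"192.168.5.{d}")
         for s in range(16, 32) for d in range(16, 32)]

if __name__ == "__main__":
    # Two hosts in the same destination subnet can take different paths.
    for dst in ("192.168.5.1", "192.168.5.2"):
        print(dst, "->", pick_path("10.1.1.10", dst, ["Se0/0", "Se0/1"]))
    # Flows per physical link: close to 2:1, not exact.
    print(dict(physical_load(FLOWS, PATHS, PHYSICAL_OF)))
```

In this model the split per physical link approaches 2:1 only when many distinct source/destination pairs are active; a handful of heavy flows can still land on one path.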