Re: Verifying cef

jigsaw2026 · ‎11-28-2006

Please could someone tell me whether this is what you would expect to see on a 3750 running CEF:

On each of the SVIs:

#show int vlan 2 stats

Vlan2

Switch path Pkts In Chars In Pkts Out Chars Out

Processor 5826 471156 92287 9831437

Route cache 65 5005 0 0

Total 5891 476161 92287 9831437

I would expect to see far fewer packets process switched...(ACLs are not being used on the above int, there's no NAT, tunneling, ICMP redirect etc, that I'm aware of)

On each of the L2 ints:

FastEthernet2/0/1

Switch path Pkts In Chars In Pkts Out Chars Out

Processor 0 0 305587 22393864

Route cache 0 0 0 0

Total 0 0 305587 22393864

Surely none of them should be process switched??? I'm confused.

Not cef switched:

show ip cef switching stat

Reason Drop Punt Punt2Host

RP RIB Packet destined for us 0 1077419198 0

RP RIB Total 0 1077419198 0

RP LES No route 2094 0 1188

RP LES No adjacency 504 0 626

RP LES TTL expired 0 0 39

RP LES Unclassified reason 0 1023819519 0

RP LES Total 2598 1023819519 1853

All Total 2598 2101238717 1853

Seems like a huge amount to be punting, we have an ACL on a tunnel int - could this be the reason why?

I just want to verify that all is working OK before I get started on QoS.

Also here's the show cef state output:

CEF Status:

RP instance

common CEF enabled

IPv4 CEF Status:

CEF enabled/running

dCEF enabled/running

CEF switching enabled/running

universal per-destination load sharing algorithm, id xxxxxxx

Any help appreciated.

Thanks,

J

mihanlin · ‎12-04-2006

Hello,

What does your CPU utilisation look like?

The Catalyst 3750 Switch can be configured with the tunnel interface. However, because of a hardware limitation, it cannot switch those packets in hardware. This causes all the packets routed through this tunnel to be switched via software.

This would explain why you are seeing punts. A punt is basically where the hardware cannot process the frame, so it 'punts' the frame to the CPU for further inspection.

Below is a link where I sourced the above information about gre tunnels:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807213f5.shtml#topic3

Hope this helps,

Michael

TAC LAN Switching

jigsaw2026 · ‎12-06-2006

Hi Michael,

Many thanks for the link, I think that must explain it. CPU utilisation is around 60%.

Regards,

J

jigsaw2026 · ‎12-06-2006

Also Michael, can I please ask (sorry a bit off the topic but still cef):

I have a input service policy on my vlan interfaces as follows:

class-map match-any critical

match ip dscp ef

class-map match-any priority

match access-group 181

policy-map classify-traffic

class critical

trust dscp

class priority

set dscp af31

From looking at the hits in access-list 181, it appears that only software-switched packets are being marked - is this actually the case? Or is it that hardware-switched packets don't show as hits on the access-list but still are marked?

From the output of show policy-map int, it appears that nothing is being seen:

Service-policy input: classify-traffic

Class-map: critical (match-any)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: ip dscp ef

0 packets, 0 bytes

rate 0 bps

Class-map: priority (match-any)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group 181

0 packets, 0 bytes

rate 0 bps

Class-map: class-default (match-any)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

rate 0 bps

But this is not true as I can see dscp26(af31) appearing on the physical interface (actually more packets than hits on the ACL).

Any help would be much appreciated!

Many thanks,

J