Solved: CEF cause slow youtube on smartphones

sokin87 · ‎01-22-2018

On Cisco 867VAE the youtube app on smartphones is very slow on initial connection for video playback, the issue disappear when CEF is disabled. Video playback on desktops and via browser on smartphone is fine with CEF on. Any thoughts?

sokin87 · ‎01-29-2019

The solution: I don't know why exactly but by disabling route-cache cef (no ip route-cache cef) on the vlan interface did the trick and the youtube is very fast again. This seems that it does not affect the routing capability of the router in comparison to no ip cef globally "solution" in which bandwidth dropped in half. I hope this helps anyone else having a similar problem. Thank you.

View solution in original post

Peter Paluch · ‎01-22-2018

Hello,

This is certainly unexpected.

I would like to ask if perhaps the router have multiple ECMP paths to any destination that might be relevant to the YouTube app. Deactivating CEF changes the load-sharing algorithm used to select ECMP paths, and that might influence the app.

If this is not the case, do you believe you could share the configuration of this router (with passwords and sensitive information removed)?

Best regards,
Peter

sokin87 · ‎01-22-2018

This is my conf, it took me a long time to figure out what was causing this delay and it is very strange but it certainly is that because the same thing happen to another 867VAE of a friend.I also attach the show version as the image version might help. Thank you.

Cisco IOS Software, C860 Software (C860VAE-ADVSECURITYK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 06-Dec-11 22:26 by prod_rel_team

ROM: System Bootstrap, Version 15.1(4r)M2, RELEASE SOFTWARE (fc1)

Cisco867VAE uptime is 3 weeks, 2 days, 2 hours, 50 minutes
System returned to ROM by power-on
System image file is "flash:c860vae-advsecurityk9-mz.151-4.M3.bin"
Last reload type: Normal Reload

Cisco 867VAE-K9 (BCM6368) processor (revision 0.3) with 234496K/26624K bytes of memory.
Processor board ID GMK114203HE
1 DSL controller
1 Ethernet interface
4 FastEthernet interfaces
2 Gigabit Ethernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
255K bytes of non-volatile configuration memory.
57344K bytes system flash allocated

Configuration register is 0x2102

Cisco867VAE#show run
Building configuration...

Current configuration : 6987 bytes
!
! Last configuration change at 14:54:33 Greece Wed Jan 3 2018 by *****
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname Cisco867VAE
!
boot-start-marker
boot-end-marker
!
!
enable secret **********
!
no aaa new-model
wan mode dsl
clock timezone Greece 2 0
ipv6 unicast-routing
ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.100
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.180 192.168.1.254
ip dhcp excluded-address 192.168.10.1 192.168.10.100
!
ip dhcp pool wan_pool
!
ip dhcp pool vpn-dhcp-pool
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.2
lease 0 1
!
ip dhcp pool PublicLan
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
lease 0 1
!
!
ip inspect WAAS flush-timeout 10
ip inspect name TrafficOUT tcp
ip inspect name TrafficOUT udp
ip inspect name TrafficOUT icmp
ip inspect name TrafficOUT ftp
ip inspect name TrafficOUT sip
ip inspect name TrafficOUT pop3
ip inspect name TrafficOUT imap
ip inspect name TrafficOUT http
ip inspect name TrafficOUT https
ip inspect name TrafficOUT snmp
ip inspect name TrafficOUT snmptrap
ip domain name
ip name-server 8.8.8.8
ip ddns update method DynDNS
HTTP
add
interval maximum 0 0 2 0
interval minimum 0 0 0 30
!
login block-for 30 attempts 3 within 30
login delay 2
!
!
vpdn enable
!
vpdn-group vpn-users
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
!
!
crypto pki token default removal timeout 0
!
!
!
!
vtp mode transparent
username **********
!
!
controller VDSL 0
!
vlan 10
name Public
!
ip ssh version 2
!
class-map match-any limitclass
match any
!
!
policy-map test
class class-default
policy-map Limit8
class limitclass
police 8388500 conform-action transmit exceed-action drop
!
!
!
!
!
!
bridge crb
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 1
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
no ip redirects
!
interface Ethernet0.835
description OTEVDSL
bandwidth 2500
bandwidth receive 30000
encapsulation dot1Q 835
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
switchport mode trunk
no ip address
speed 1000
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
peer default ip address dhcp-pool vpn-dhcp-pool
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0 secondary
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 address FE80::1 link-local
ipv6 address autoconfig
ipv6 enable
ipv6 nd other-config-flag
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
bandwidth 2500
bandwidth receive 30000
ip ddns update hostname ************
ip ddns update DynDNS
ip address negotiated
ip mtu 1492
ip inspect TrafficOUT out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer redial interval 120 attempts 60
dialer-group 1
ipv6 address autoconfig default
ipv6 enable
ipv6 virtual-reassembly in
ppp authentication chap pap callin
ppp chap hostname ************
ppp chap password 7 *************
ppp pap sent-username ************* password *************
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface Dialer2
no ip address
encapsulation ppp
!
router rip
version 2
passive-interface default
no passive-interface Vlan1
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
ip local pool vpn-pool 10.0.0.10 10.0.0.20
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip dns server
ip dns spoofing 212.205.212.205
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 900
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.240 80 interface Dialer1 48081
ip nat inside source static tcp 192.168.1.5 3389 interface Dialer1 43389
ip nat inside source static tcp 192.168.1.240 554 interface Dialer1 554
ip nat inside source static tcp 192.168.1.240 8000 interface Dialer1 8000
ip nat inside source static tcp 192.168.1.240 443 interface Dialer1 48443
ip nat inside source static tcp 192.168.1.5 49888 interface Dialer1 49888
ip nat inside source static udp 192.168.1.240 554 interface Dialer1 554
ip nat inside source static udp 192.168.1.240 8000 interface Dialer1 8000
ip nat inside source static udp 192.168.1.5 49888 interface Dialer1 49888
ip nat inside source static tcp 192.168.1.5 21 interface Dialer1 48821
ip nat inside source static tcp 192.168.1.5 40000 interface Dialer1 40000
ip nat inside source static tcp 192.168.1.5 40001 interface Dialer1 40001
ip nat inside source static tcp 192.168.1.5 40002 interface Dialer1 40002
ip nat inside source static tcp 192.168.1.5 40003 interface Dialer1 40003
ip nat inside source static tcp 192.168.1.5 40004 interface Dialer1 40004
ip nat inside source static tcp 192.168.1.5 40005 interface Dialer1 40005
ip nat inside source static tcp 192.168.1.5 40006 interface Dialer1 40006
ip nat inside source static tcp 192.168.1.5 40007 interface Dialer1 40007
ip nat inside source static tcp 192.168.1.5 40008 interface Dialer1 40008
ip nat inside source static tcp 192.168.1.2 22 interface Dialer1 49022
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.255.0 Vlan1
ip route 192.168.2.0 255.255.255.0 192.168.1.10
!
ip access-list standard AllowedSSH
permit 192.168.0.0 0.0.255.255
permit 10.0.0.0 0.0.0.255
!
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
!
!
!
!
ipv6 access-list ipv6_local
permit ipv6 any any
bridge 1 protocol ieee
banner motd ^CC
##############################################

Beware these are trecherous domains.....

#############################################
^C
!
line con 0
password ************
login local
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
password **************
logging synchronous
login local
transport input all
!
scheduler allocate 60000 1000
end

Georg Pauwen · ‎01-22-2018

Hello,

since you have a static default route configured, you don't need the 'ppp ipcp route default' under your Dialer 1 interface. Remove that line and check if it makes a difference.

Also, change your access list 1 to:

access-list 1 permit 192.168.0.0 0.0.255.255

sokin87 · ‎01-22-2018

Hi, I did what you suggested (both route and access list), even when I had done them before, no change the same. I guess it is something more complicated on a lower level as there is no explanation in my set of mind. I tried in my mind all possible explanations and it doesn't make any sense, routes are simple, as is j ust a soho setup, simple nat everything simple, I tried barebone setup (a dsl connection and a vlan with nat nothing else) but it is the same, maybe it is just the 867. Thank u if you think anything else please tell me.

Deepak Kumar · ‎01-23-2018

Please try to get CEF dropped packet details:

debug ip cef drop

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Peter Paluch · ‎01-23-2018

Hello,

This is really getting interesting.

A couple of observations, but it is admittedly grappling at straws:

I see your Dialer1 interface configured for IP MTU 1492 which is exactly what should be done for PPPoE sessions. However, I do not see the TCP MSS adjustment to 1452 being configured. This could have, under circumstances, negative impact on the performance of TCP sessions. Can you try adding the ip tcp adjust-mss 1452 to your Dialer1 config?
Also, you appear to be running IPv6 along with IPv4. The necessary modifications for IPv6 MTU and TCP MSS do not seem to be configured on Dialer1 at all. Can you try configuring ipv6 mtu 1452 and ipv6 tcp adjust-mss 1432 there? Keep in mind that IPv6 TCP MSS has to be smaller by 20+40=60 bytes than the MTU, as opposed to IPv4 where the TCP MSS is smaller by 40 bytes.
You have IP Inspect configured, but you do not actually seem to be using any kind of ACL to block incoming connections (remember that IP Inspect only tracks connections but does not block any traffic; it is the task of an extended ACL in the opposite direction to perform a "deny ip any any"; IP Inspect "punches holes" into this ACL for return traffic in recognized sessions). Since IP Inspect is not really useful at this moment, could you try removing "ip inspect TrafficOUT out" from your Dialer1?
If nothing from this helps, is there a chance to capture the traffic generated by the YouTube app and have a look at it? Ideally - the whole traffic generated and received by the smartphone where the app is running. There must be something specific about it.

Best regards,
Peter

sokin87 · ‎01-23-2018

I removed ipv6 from dialer1 and added the ip tcp adjust-mss 1452 but still the same.

My conf was a little messy cause I was testing and experimenting but as I said before even with simplest conf the same thing happens. I made my conf as simple as I can without interrupting my work and I attach it again below.

I tried debugging CEF before also, no drop packets.

I will try also capturing debug data from Youtube app on my phone (by the way it is a samsung s7) and the problem is not phone specific as I experience the same problem with other smartphones.

I want to thank everyone for your time and help on this small but frustrating problem.

!
! Last configuration change at 04:25:25 Greece Tue Jan 23 2018 by **********
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname Cisco867VAE
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 *************
!
no aaa new-model
wan mode dsl
clock timezone Greece 2 0
ipv6 unicast-routing
ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.180 192.168.1.254
!
ip dhcp pool wan_pool
!
ip dhcp pool vpn-dhcp-pool
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.2
lease 0 1
!
!
ip domain name **********.dyndns.org
ip name-server 8.8.8.8
ip ddns update method DynDNS
HTTP
add http://**********:**********@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 0 2 0
interval minimum 0 0 0 30
!
login block-for 30 attempts 3 within 30
login delay 2
!
!
vpdn enable
!
vpdn-group vpn-users
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
!
!
crypto pki token default removal timeout 0
!
!
!
vtp mode transparent
username ********** secret *********
username ********** password *******
!
!
controller VDSL 0
!
!
ip ssh version 2
!
!
bridge crb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 1
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
no ip redirects
!
interface Ethernet0.835
description OTEVDSL
bandwidth 2500
bandwidth receive 30000
encapsulation dot1Q 835
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
switchport mode trunk
no ip address
speed 1000
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
peer default ip address dhcp-pool vpn-dhcp-pool
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0 secondary
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 address FE80::1 link-local
ipv6 address autoconfig
ipv6 enable
ipv6 nd other-config-flag
!
interface Dialer1
bandwidth 2500
bandwidth receive 30000
ip ddns update hostname **********.dyndns.org
ip ddns update DynDNS
ip address negotiated
ip mtu 1492
ip tcp adjust-mss 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer redial interval 120 attempts 60
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ***********
ppp chap password ***********
ppp pap sent-username *********** password 7 ***********
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
router rip
version 2
passive-interface default
no passive-interface Vlan1
network 192.168.1.0
no auto-summary
!
ip http server
no ip http secure-server
!
!
ip dns server
ip dns spoofing 212.205.212.205
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 900
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.240 80 interface Dialer1 48081
ip nat inside source static tcp 192.168.1.5 3389 interface Dialer1 43389
ip nat inside source static tcp 192.168.1.240 554 interface Dialer1 554
ip nat inside source static tcp 192.168.1.240 8000 interface Dialer1 8000
ip nat inside source static tcp 192.168.1.240 443 interface Dialer1 48443
ip nat inside source static tcp 192.168.1.5 49888 interface Dialer1 49888
ip nat inside source static udp 192.168.1.240 554 interface Dialer1 554
ip nat inside source static udp 192.168.1.240 8000 interface Dialer1 8000
ip nat inside source static udp 192.168.1.5 49888 interface Dialer1 49888
ip nat inside source static tcp 192.168.1.5 21 interface Dialer1 48821
ip nat inside source static tcp 192.168.1.5 40000 interface Dialer1 40000
ip nat inside source static tcp 192.168.1.5 40001 interface Dialer1 40001
ip nat inside source static tcp 192.168.1.5 40002 interface Dialer1 40002
ip nat inside source static tcp 192.168.1.5 40003 interface Dialer1 40003
ip nat inside source static tcp 192.168.1.5 40004 interface Dialer1 40004
ip nat inside source static tcp 192.168.1.5 40005 interface Dialer1 40005
ip nat inside source static tcp 192.168.1.5 40006 interface Dialer1 40006
ip nat inside source static tcp 192.168.1.5 40007 interface Dialer1 40007
ip nat inside source static tcp 192.168.1.5 40008 interface Dialer1 40008
ip nat inside source static tcp 192.168.1.2 22 interface Dialer1 49022
ip route 192.168.0.0 255.255.255.0 Vlan1
!
ip access-list standard AllowedSSH
permit 192.168.0.0 0.0.255.255
permit 10.0.0.0 0.0.0.255
!
!
access-list 1 permit 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
!
!
ipv6 access-list ipv6_local
permit ipv6 any any
bridge 1 protocol ieee
banner motd C
##############################################

Beware these are trecherous domains.....

#############################################

!
line con 0
password ***********
login local
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
password ***********
logging synchronous
login local
transport input all
!
scheduler allocate 60000 1000
end

Georg Pauwen · ‎01-23-2018

Hello,

the configuration looks ok as far as I can see.

I had a case in the past where adjusting the buffers solved a similar problem. Can you post the output of 'show buffers' ?

sokin87 · ‎01-23-2018

Ok below are my show buffers output. In my try to capture data from the youtube app I tried to use a proxy and noticed that by using my isp proxy the problem stops, I think that it might help narrow the problem. Still I have not captured data but it seems to be meaningless if the problem isn't there anyway.

Buffer elements:
637 in free list (500 max allowed)
299801 hits, 0 misses, 618 created

Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50, peak 92 @ 10:12:25):
49 in free list (20 min, 150 max allowed)
150556 hits, 14 misses, 42 trims, 42 created
0 failures (0 no memory)
Middle buffers, 600 bytes (total 25, permanent 25, peak 40 @ 10:12:25):
22 in free list (10 min, 150 max allowed)
56736 hits, 5 misses, 15 trims, 15 created
0 failures (0 no memory)
Big buffers, 1536 bytes (total 50, permanent 50, peak 51 @ 10:12:52):
50 in free list (5 min, 150 max allowed)
24034 hits, 0 misses, 1 trims, 1 created
0 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10, peak 11 @ 10:12:52):
10 in free list (0 min, 100 max allowed)
20 hits, 0 misses, 1 trims, 1 created
0 failures (0 no memory)
Large buffers, 5024 bytes (total 1, permanent 0, peak 1 @ 10:13:15):
1 in free list (0 min, 10 max allowed)
1 hits, 0 misses, 3 trims, 4 created
0 failures (0 no memory)
Huge buffers, 18024 bytes (total 3, permanent 0, peak 3 @ 07:58:15):
3 in free list (0 min, 4 max allowed)
16 hits, 2 misses, 4 trims, 7 created
0 failures (0 no memory)

Interface buffer pools:
Syslog ED Pool buffers, 600 bytes (total 133, permanent 132, peak 133 @ 10:12:49):
101 in free list (132 min, 132 max allowed)
54 hits, 0 misses
IPC buffers, 4096 bytes (total 2, permanent 2):
1 in free list (1 min, 8 max allowed)
1 hits, 0 fallbacks, 0 trims, 0 created
0 failures (0 no memory)
IPC Medium buffers, 16384 bytes (total 2, permanent 2):
2 in free list (1 min, 8 max allowed)
0 hits, 0 fallbacks, 0 trims, 0 created
0 failures (0 no memory)
IPC Large buffers, 65535 bytes (total 2, permanent 2):
2 in free list (1 min, 8 max allowed)
0 hits, 0 misses, 0 trims, 0 created
0 failures (0 no memory)

Header pools:
Header buffers, 0 bytes (total 512, permanent 256, peak 512 @ 10:13:15):
256 in free list (256 min, 1024 max allowed)
171 hits, 85 misses, 0 trims, 256 created
0 failures (0 no memory)
256 max cache size, 256 in cache
27500 hits in cache, 0 misses in cache

Particle Clones:
1024 clones, 0 hits, 0 misses

Public particle pools:
F/S buffers, 256 bytes (total 768, permanent 768):
256 in free list (128 min, 1024 max allowed)
512 hits, 0 misses, 0 trims, 0 created
0 failures (0 no memory)
512 max cache size, 512 in cache
0 hits in cache, 0 misses in cache
Normal buffers, 512 bytes (total 512, permanent 512):
384 in free list (128 min, 1024 max allowed)
128 hits, 0 misses, 0 trims, 0 created
0 failures (0 no memory)
128 max cache size, 128 in cache
0 hits in cache, 0 misses in cache

Private particle pools:
HQF buffers, 0 bytes (total 2000, permanent 2000):
2000 in free list (500 min, 2000 max allowed)
0 hits, 0 misses, 0 trims, 0 created
0 failures (0 no memory)
Ethernet0 buffers, 512 bytes (total 2048, permanent 2048):
0 in free list (0 min, 2048 max allowed)
2048 hits, 0 fallbacks
2048 max cache size, 1024 in cache
14607785 hits in cache, 0 misses in cache
14 buffer threshold, 0 threshold transitions
ATM0 buffers, 512 bytes (total 2048, permanent 2048):
0 in free list (0 min, 2048 max allowed)
2048 hits, 0 fallbacks
2048 max cache size, 2048 in cache
0 hits in cache, 0 misses in cache
14 buffer threshold, 0 threshold transitions
GigabitEthernet0 buffers, 512 bytes (total 2048, permanent 2048):
0 in free list (2048 min, 2048 max allowed)
2048 hits, 0 fallbacks
2048 max cache size, 1536 in cache
4023691 hits in cache, 0 misses in cache
CRYPTO_HW buffers, 640 bytes (total 2048, permanent 2048):
0 in free list (0 min, 2048 max allowed)
2048 hits, 0 fallbacks
2048 max cache size, 1536 in cache
512 hits in cache, 0 misses in cache

Georg Pauwen · ‎01-24-2018

Hello,

since you narrowed it down to the ISP proxy, buffer adjustment is probably redundant.

Either way, you could try the values below:

buffers small permanent 60
buffers middle permanent 30
buffers huge permanent 6

sokin87 · ‎01-24-2018

Hi, I tried the buffer tunning still the same problem. The proxy is small workaround on a single smartphone as it is manual entered to the specific wifi ssid, it is not a real solution just something to consider in the possibilities.

Now I have an idea that it might be the ipv6, as when you resolve a youtube domain it returns both ipv6 and ipv4 address. Even that the router hasn't an ipv6 address on dialer or gateway it prefers the ipv6 ending in "% No valid source address for destination" of course.

I think something similar might happen on the smartphone. It resolves the domain to ipv6/ipv4 and prefer the ipv6 until it timeout and then connect through ipv4.

Would it explain why it works normally via the proxy which is only ipv4 or when CEF is disabled ?

I will test some assumptions I have and inform you, thanks everyone for their time.

emanuel360 · ‎01-27-2018

Hi,
Is it possible that you are experiencing something like CEF polarization?
Have you tried any fine tunning for CEF itself?
Depending on yout platform, maybe you can use "ip cef" or "mls ip cef" in global config mode.
You may not notice any difference at all, I'm just wondering, beacause I don't see any reference about that.

Good luck.

sokin87 · ‎01-30-2018

I tried different cef optimizations but the same :( , but I don't use multiple gateways just the dialer1 to my isp, so no load balance, just a single default route. I have a 2811 laying around somewhere and I will give it a try to if it is the cef problem in general or just the 867. As I mentioned this happens to 2 different 867VAE. I will post here my findings, Thanks you all.

sokin87 · ‎01-29-2019

The solution: I don't know why exactly but by disabling route-cache cef (no ip route-cache cef) on the vlan interface did the trick and the youtube is very fast again. This seems that it does not affect the routing capability of the router in comparison to no ip cef globally "solution" in which bandwidth dropped in half. I hope this helps anyone else having a similar problem. Thank you.