[c-nsp] Why is CEF disabled on dynamic interfaces?
Ed Ravin
eravin at panix.com
Fri Jun 24 12:35:21 EDT 2005
We have a 7206 non-VXR with an NPE-150 running IOS 12.2(15)T15. As
previously discussed on this list, we can't upgrade it past 12.2T since
12.3 and onwards don't support the NPE-150 anymore.
We've got a bunch of DSL users coming in via ATM, using PPPoE or
PPPoA to authenticate. The DSL users get a dynamically-created
interface based on a "Virtual-Template" description and the attribute-value
pairs sent by the RADIUS server.
The problem we're having is that CEF is disabled on the dynamically
created "Virtual-Access" interfaces. This is indicated by the
"show cef int <interface>" command:
Virtual-Access93 is up (if_number 240)
Corresponding hwidb fast_if_number 240
Corresponding hwidb firstsw->if_number 240
Internet address is 0.0.0.0/0
Unnumbered interface. Using address of Loopback1 (209.166.192.42)
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is enabled
[...]
Interface is marked as point to point interface
Hardware idb is Virtual-Access93
Fast switching type 7, interface type 21
IP CEF switching disabled
[...]
After some research, we discovered that if we removed "ip route-cache flow"
from the Virtual-Template, AND if we do NOT use a construction like
'cisco-avpair = "lcp:interface-config..."', such as:
cisco-avpair = "lcp:interface-config#1=description"
in the RADIUS entry, THEN and only then does CEF get enabled.
This is a bummer - we need CEF for performance, and we also need to
be able to push an interface description or route for a backend network.
Doing the latter via cisco-avpairs loses CEF.
Apparently this problem doesn't happen in 12.3T. Any ideas for
workarounds, other than biting the bullet and upgrading the router
hardware so we can use a later IOS?
Thanks,
-- Ed
More information about the cisco-nsp
mailing list