[c-nsp] 3640 and 3DES IPSec

Ted Mittelstaedt tedm at toybox.placo.com
Sat Sep 24 04:15:54 EDT 2005



>-----Original Message-----
>From: Tim Franklin [mailto:tim at colt.net]
>Sent: Friday, September 23, 2005 2:10 AM
>To: 'Ted Mittelstaedt'; 'Kevin Graham'; 'barney gumbo'
>Cc: cisco-nsp at puck.nether.net
>Subject: RE: [c-nsp] 3640 and 3DES IPSec
>
>
>> Oh come off it, there's been reports of problems with CEF for
>> years.  And it hasn't gone away anytime soon, I had a new
>> load-balanced ip cef setup blow chunks running 12.2 IOS about
>> 3-4 months ago on a 3620.  I finally threw the config in the trash
>> and went to MPPP and it's run fine ever since.
>>
>> The only time I've had CEF work right was on our 7206's running
>> 12.2 and none of them are doing load balancing.  And that only
>> happened in the last year or so, previously I'd get random reboots
>> on them when it was enabled.
>
>Are you mixing up "CEF" and "CEF load-sharing"?

yes.  It was just an example.  The router I had blow chunks ran fine
with ip cef before trying the load balancing horseshit.  Of course it was
running 12.2  I have had trouble with regular ip cef on 12.1 and earlier
IOS trains.  I was using that as an example to illustrate that cef hasn't
been fully debugged yet.  They have fixed the obvious stuff like regular
packet forwarding, but the load balancing code in cef is still shakey.

It's crazy since cef has been around for years and a number of versions,
but I have always had problems with it even with textbook plain jane
configs until the latest IOS trains, basically 12.2   But a lot of the
routers
we are responsible for are older ones like 1600's that have restricted
ram that pretty much tops them out at 12.0  That's slowly changing but
it's not really possible to convince a customer that the router they have
been using and that is purring away in the corner without trouble
suddenly
needs to be replaced.

Ted



More information about the cisco-nsp mailing list