[c-nsp] Cisco CEF Hashing algorithm
Joe Provo
jzp-cnsp at rsuc.gweep.net
Wed Dec 27 17:06:05 EST 2006
On Wed, Dec 27, 2006 at 04:17:47PM -0500, Ed Ravin wrote:
> On Wed, Dec 27, 2006 at 03:26:46PM -0500, Matthew Crocker wrote:
> > I'm having a weird problem where some of my IPs can web browse and
> > some cannot.
[snip]
> More than once, I've seen that happen, where some IP blocks suddenly
> stopped working, either as sources or as destinations. During one of
[snip]
All vendors have various proprietary hashing techniques for
load-sharing. Various things in-device can cause outages or
degregation, and it is many worse by network operators adding
layers of complexity.
One pernicious problem my colleagues and I diagnosed with a
transit provider turned out to be a bad PIC on a juniper that
only received traffic hashed on certain octets, etc. To
properly diagnose this kind of thing, you need to do some
proper engineering and test. Aaassemble:
- offnet friendlies
- on-net address space you can selectively announce
- on-net device with iperf from which to launch test to
friendlies
...and perform tests narrowing down the conditions under
which the problem is observed. Take the data to the carrier,
indicate where you see the problem, demand to repeat testing
taking their suspect elements out of the loop (ie, fail a
port), escalate and refuse payment as needed, etc.
Not rocket science, just normal science. Standard stuff I
would think you've encountered before Matt.
Cheers,
Joe
--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
More information about the cisco-nsp
mailing list