[c-nsp] Crypto and CEF

Rikard Stemland Skjelsvik rskjels at pogostick.net
Mon Jun 11 04:38:34 EDT 2007


Good morning!


Last week i had a problem with a router that was used as a vpn backup over 
internet, since we had a problem with the main link.

The problem was that our customers could not access any service and
ping probe showed that 50% of all packets were lost. My initial response
was check if there was any load balancing or redundant links. There were 
none. I checked the CEF and could not find anything out of the ordinary.
When i looked at the ARP table, i found lot off incomplete mac-addresses
on the LAN. An older collegue suggested turning off CEF.

When i turned off CEF, everything started to work. I asked my more 
experienced collegue as to why and he could not give me an answer. He just 
said that he had experienced problems before with crypto and CEF.

I wondered if anyone on this list, could share some insight as to why
CEF and crypto can be problematic.

Thank you!

Regards,
Rikard


More information about the cisco-nsp mailing list