[c-nsp] Get Cisco CEF hash function

Saku Ytti saku at ytti.fi
Wed Dec 17 11:08:57 EST 2014

On (2014-12-17 10:25 +0100), Xavier Nicollet wrote:


> I know I could use
>  show ip cef [VIP/32] detail
>  show ip cef [VIP/32] internal
> or
>  show mls cef exact-route [IPSRC] [VIP]
> However, I guess it would be easier to have exact internal hashing
> algorithm.
> Or is there another way to monitor each real server with such configuration

You probably want to have unicast address as well as anycast address and NMS
the unicast address.
I don't think the hash algorithm is publically documented, as vendor probably
does not want customers to rely on it not changing.

I like this configuration, but there is one catch to it, it tends to make
PMTUD issues more pronounced, as there are no guarantees that the ICMP message
generated by transit router will reach correct server, so it might cause
There are two cures for this, use smaller MTU on servers, which is
statistically unlikely to be too large for relevant portion of hosts. Second,
prettier solution is to ask vendor to do ECMP hash for the embedded IP packet
in ICMP message, instead of the top headers.

More information about the cisco-nsp mailing list