[c-nsp] Get Cisco CEF hash function

Xavier Nicollet xnicollet at gmail.com
Wed Dec 17 11:35:09 EST 2014

Thanks for the answer.

I hadn't thought about that. I wasn't using tunnels just to be sure PMTUD
would not hit me (ouch !).

I am not sure Cisco IOS can load-balance on embeded IP packet as you say.


2014-12-17 17:08 GMT+01:00 Saku Ytti <saku at ytti.fi>:
> On (2014-12-17 10:25 +0100), Xavier Nicollet wrote:
> Hey,
> > I know I could use
> >  show ip cef [VIP/32] detail
> >  show ip cef [VIP/32] internal
> > or
> >  show mls cef exact-route [IPSRC] [VIP]
> >
> > However, I guess it would be easier to have exact internal hashing
> > algorithm.
> > Or is there another way to monitor each real server with such
> configuration
> You probably want to have unicast address as well as anycast address and
> the unicast address.
> I don't think the hash algorithm is publically documented, as vendor
> probably
> does not want customers to rely on it not changing.
> I like this configuration, but there is one catch to it, it tends to make
> PMTUD issues more pronounced, as there are no guarantees that the ICMP
> message
> generated by transit router will reach correct server, so it might cause
> blackholing.
> There are two cures for this, use smaller MTU on servers, which is
> statistically unlikely to be too large for relevant portion of hosts.
> Second,
> prettier solution is to ask vendor to do ECMP hash for the embedded IP
> packet
> in ICMP message, instead of the top headers.
> --
>   ++ytti
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

Xavier Nicollet

More information about the cisco-nsp mailing list