[c-nsp] Get Cisco CEF hash function

[Saku Ytti]

Hey,

7600 certainly can't, by design. But things like ASR1k, ASR9k would
have HW capability for it, if there is customer demand.

On 17 December 2014 at 18:35, Xavier Nicollet <xnicollet at gmail.com> wrote:
> Thanks for the answer.
>
> I hadn't thought about that. I wasn't using tunnels just to be sure PMTUD
> would not hit me (ouch !).
>
> I am not sure Cisco IOS can load-balance on embeded IP packet as you say.
>
> Cheers,
>
> 2014-12-17 17:08 GMT+01:00 Saku Ytti <saku at ytti.fi>:
>>
>> On (2014-12-17 10:25 +0100), Xavier Nicollet wrote:
>>
>> Hey,
>>
>> > I know I could use
>> >  show ip cef [VIP/32] detail
>> >  show ip cef [VIP/32] internal
>> > or
>> >  show mls cef exact-route [IPSRC] [VIP]
>> >
>> > However, I guess it would be easier to have exact internal hashing
>> > algorithm.
>> > Or is there another way to monitor each real server with such
>> > configuration
>>
>> You probably want to have unicast address as well as anycast address and
>> NMS
>> the unicast address.
>> I don't think the hash algorithm is publically documented, as vendor
>> probably
>> does not want customers to rely on it not changing.
>>
>> I like this configuration, but there is one catch to it, it tends to make
>> PMTUD issues more pronounced, as there are no guarantees that the ICMP
>> message
>> generated by transit router will reach correct server, so it might cause
>> blackholing.
>> There are two cures for this, use smaller MTU on servers, which is
>> statistically unlikely to be too large for relevant portion of hosts.
>> Second,
>> prettier solution is to ask vendor to do ECMP hash for the embedded IP
>> packet
>> in ICMP message, instead of the top headers.
>> --
>>   ++ytti
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> --
> Xavier Nicollet



-- 
  ++ytti