From: Charles Church (cchurch@wamnet.com)
Date: Sun May 04 2003 - 23:06:38 GMT-3
Mike,
Nothing wrong with venting every now and then. Someone should have told
Mt. Vesuvius that :) I think that Cisco intentionally left some features
out of the Sup 3/4 so as not to cut into the MSFC sales. Cisco wants the
6500 to be everything, with things like the NAM, the Firewall module, the
IDS module, etc. It'll support NBAR and other things that the 4000 can't.
Unfortunately, these left-out features can be at times good troubleshooting
methods. Think of the sup3/4 as a '67 Vette with a 427. Fast, but not real
refined. The MSFC is more like a brand new one. Even faster, but with more
bells and whistles. Sorry for the car reference, but it's the first thing I
could think of...
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 585-233-2706
cchurch@wamnet.com
-----Original Message-----
From: Mike Williams [mailto:ccie2be@swbell.net]
Sent: Sunday, May 04, 2003 6:08 PM
To: 'Charles Church'
Cc: 'CCIELab@Groupstudy.com'
Subject: RE: how to disable "cef" on catalyst 4006?
Chuck,
(Preface: The tone of this e-mail may sound "bitchy" but I'm not really
intending for it to sound like that..... Especially towards you Chuck,
as I know what you're talking about and you're no dummy. I'm just using
this as a chance to vent =)
Fair enough. I perhaps was playing down a bit too much the performance
gains that CEF adds (or even fast-switching). However, as you point
out, L3 switches get their speed from ASICs, but this isn't here nor
there as far as not being able to turn off CEF, as far as I'm concerned.
I'll tell ya why. The very 6500s you mention, which we have and love,
you can either turn CEF on or off globally or per L3 interface. They
use ASICs too, but that doesn't prevent you from disabling CEF. So just
because a box uses ASICs does preclude the ability to turn on/off
various features, right? Besides, fast-switching is a software-based
cache system, so if the 4x00s don't support disabling CEF and using
Fast-switching, then that's proof Cisco made a poor choice by not
including a software feature in that IOS that was available in IOSes
back to 10.x and probably even further back. With IOS images well over
10, 16 and 20 MB, I can't see leaving out 256K (or whatever the size,
you know for a caching mechanism it can't be too large or the old
devices using IOS that was only a few meg couldn't have implemented it)
of code for such a valuable feature.
I guess I was simply saying that I'm not happy with Cisco for making it
where you CANNOT turn off CEF. I haven't tried this on a 4x00, but in
my experience with all other L3 Cisco devices, you MUST process switch
if you want to debug, so how would you debug L3 stuff on a 4x00 running
L3?!?! Besides, if I want to take the performance hit by using
fast-switching or even process-switching instead of CEF, that should be
my choice as the customer, no their choice as the vendor. (Like I said,
CEF has it own problems and bugs, so if say, a CEF-related bug bites me
on my production network, it would be nice to be able to turn off CEF
and revert to fast-switching to get things running normally while I
research and find the long term solution... I don't think I should be
faulted for EXPECTING this level of functionality from Cisco gear as
it's always had it in the past).
Whew....... Okay... Back to your regularly scheduled list.... LOL
Mike W.
-----Original Message-----
From: Charles Church [mailto:cchurch@wamnet.com]
Sent: Sunday, May 04, 2003 4:36 PM
To: Mike Williams
Cc: CCIELab@Groupstudy.com
Subject: RE: how to disable "cef" on catalyst 4006?
Mike,
The layer 3 switches get their blazing speed from ASICs, which
can do the forwarding algorithm in hardware. I believe that CEF is the
'Application' that the ASIC is using, and other performance forwarding
algorithms aren't available in hardware. So your only choice is to
force every packet through the CPU by totally disabling route-caching.
On most of the router platforms, there is a 10x difference between fast
and process-switched PPS ratings. On a layer 3 switch, it'd probably be
closer to a 100x difference. I know that some people on my company have
had to install 6500s with MSFC2 and disable route caching because it
interferes with NAT on the box. 100mbit or so of traffic will run the
CPU at 80%. Compare that to the MSFC2's rating of 15 million PPS and 7+
gbit of throughput. From what I see, Cisco considers CEF to be it's
preferred mode, so it's preferring that over everything else. They're
refining it as they progress (CEF - dCEF - aCEF), but they seem to like
it. I think Nishant's problem is just a flaky bug they haven't fixed
yet. There's really no reason it shouldn't work. I use CEF with
floating statics all the time, never had an issue. It seems to be a
platform-specific problem.
Thanks,
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 585-233-2706
cchurch@wamnet.com
-----Original Message-----
From: Mike Williams [mailto:ccie2be@swbell.net]
Sent: Sunday, May 04, 2003 1:23 PM
To: 'Charles Church'
Cc: CCIELab@Groupstudy.com
Subject: RE: how to disable "cef" on catalyst 4006?
Chuck,
I don't see why Cisco would make it where you couldn't disable CEF. I
mean, I realize it helps performance, it does have it's share of
problems, and if you CAN'T disable it, then you're screwed if you try to
debug or something at L3. From talking with Nishant, apparently (at
least his version of IOS) doesn't support 'no ip route-cache cef'
interface command, so again, you're out of luck. I surely hope for his
sake this is an IOS bug, as the command is available for him in global
config mode, it just gives an error. But, if there's NO way to disable
CEF, at least per interface if not globally, then that makes me thing
our choice to buy them may have not been the wisest. In all
seriousness, we say stuff like "You could always turn off route-caching,
but with a horrible performance drop" and in theory that is true,
especially on an old 2500 router handling 2 T1s or something, but it
seems that with the CPUs in these 4x00s and 6500s, you'd have to be
really taxing the system good before turning off CEF would knock the CPU
usage up high enough to make it where you HAD to turn CEF back on. Just
my 2 cents.
Mike W.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Charles Church
Sent: Sunday, May 04, 2003 10:20 AM
To: Nishant Sharma (IT); ccielab@groupstudy.com
Cc: kymblair@hotmail.com
Subject: RE: how to disable "cef" on catalyst 4006?
Nishant,
I don't think disabling CEF is a good solution. The Sup3/4 are
designed hardware-wise around CEF. I don't think any other kind of fast
switching is available on them. You could always turn off
route-caching, but with a horrible performance drop. I'd first try a
newer IOS, since the Sup3 and 4 are pretty new and may have had weird
issues like this with the first couple of code releases. If the newest
one still has the issue, then call TAC. Be sure to check the release
notes for whatever image you want to try, to make sure there isn't a bug
in there that would make your situation worse. HTH.
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 585-233-2706
cchurch@wamnet.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Nishant Sharma (IT)
Sent: Sunday, May 04, 2003 12:40 AM
To: ccielab@groupstudy.com
Cc: kymblair@hotmail.com
Subject: how to disable "cef" on catalyst 4006?
Dear All,
How do we disable "CEF" on catalyst 4006 coz "no ip cef" command is not
working? When I give this command it gives this error -
Core-I-Switch(config)#no ip cef
%Cannot disable CEF on this platform
Please suggest a solution as this is hindering me to install floating
static routes, ie, even if my primary static route goes down it doesn't
take a static route which I have assigned with a higher AD and when I
issue a "sh ip cef" it still shows me entries for the previous route.
Regards,
Nishant
------------------------------------------------------------------------
---- - -------------------------- "The information in this e-mail is the property of Daksh and may be confidential and privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised.If you are not the intended recipient, any disclosure, copying, distribution or any action taken in reliance on it is prohibited and may be unlawful. If you receive this message in error, please notify the sender immediately and delete all copies of this message." ------------------------------------------------------------------------ ---- - -------------------------
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:37 GMT-3