How good is CEF?

mzinz Member Posts: 328
I have a router that is currently doing all the internal routing for our network. There are several different subnets and VLANs, and all traffic is going through the router's subinterfaces.

Due to a Cisco IOS bug, I had to turn off CEF. I'm noticing that the router is averaging high 90's for CPU usage due to all the IP traffic.

Would enabling CEF give me a large performance boost? This router has a large routing table and connects many hosts across many networks.

Just pinging from one host to another is taking 5ms... these hosts are only 1 switch down, but are on different VLANs (and subnets, obviously).
_______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801

Comments

  • kryolla Member Posts: 785
    Due to a Cisco IOS bug, I had to turn off CEF

    Why are you going to turn on CEF if you have identified a bug? First I would fix the bug, maybe an IOS upgrade, then turn on CEF. I don't know what your CPU util will be after you turn on CEF, but it will definitely go down; that is why Cisco made it a default. I'm surprised you let it get that high without any planning of load shedding or migrations.
    I have a router that is currently doing all the internal routing

    I guess there is no redundancy, which is not good. Also, what type of router is this?
    Studying for CCIE and drinking Home Brew
  • tiersten Member Posts: 4,505
    mzinz wrote: »
    Due to a Cisco IOS bug, I had to turn off CEF.
    What bug? Upgrade, downgrade or shout at Cisco to get that bug fixed or worked around.
    mzinz wrote: »
    Would enabling CEF give me a large performance boost?
    Yes. If you disable CEF then the router will fall back to process switching which is slow and extremely CPU intensive.
  • redwarrior Member Posts: 285
    CEF is all that and a bag of chips whereas process-switching is 80's style. Have you called TAC to identify a way to get around that "bug?"

    CCNP Progress

    ONT, ISCW, BCMSN - DONE

    BSCI - In Progress

    http://www.redwarriornet.com/ <--My Cisco Blog
  • mzinz Member Posts: 328
    Hi guys. Thank you for all the responses. I'll sorta go down the list here:
    Why are you going to turn on CEF if you have identified a bug? First I would fix the bug, maybe an IOS upgrade, then turn on CEF. I don't know what your CPU util will be after you turn on CEF, but it will definitely go down; that is why Cisco made it a default. I'm surprised you let it get that high without any planning of load shedding or migrations.

    I'm not going to turn on CEF until I upgrade the IOS. This particular bug only surfaces after a high amount of VPN tunnels are created - because of that, I was not able to predict it in my initial testing. Turning off CEF was what had to be done to keep sites up - slowing connections was the lesser of two evils in this case.
    I guess there is no redundancy, which is not good. Also, what type of router is this?

    Correct, there currently is no redundancy. These were the limitations I was given, though. 3800 series.
    What bug? Upgrade, downgrade or shout at Cisco to get that bug fixed or worked around.

    Implementation has only been live one week, and sites work around the clock. Upgrading the IOS will require scheduled downtime, which I'm working on now.
    Yes. If you disable CEF then the router will fall back to process switching which is slow and extremely CPU intensive.

    Is there any way to predict how much more CPU is used by not using CEF?
    CEF is all that and a bag of chips whereas process-switching is 80's style. Have you called TAC to identify a way to get around that "bug?"

    To be totally honest, this is the worst build I've ever used. There is no way around it other than upgrading the IOS. This implementation has been live for exactly a week now, and I've already identified three different bugs - ALL significant. This particular bug (CEF) is the worst, and there is also another one in another post I made which is causing static routes to not redistribute through EIGRP.

    I'll be scheduling some downtime for next week, hopefully. Thanks again for your help.
  • tiersten Member Posts: 4,505
    mzinz wrote: »
    I'm not going to turn on CEF until I upgrade the IOS. This particular bug only surfaces after a high amount of VPN tunnels are created - because of that, I was not able to predict it in my initial testing. Turning off CEF was what had to be done to keep sites up - slowing connections was the lesser of two evils in this case.
    Is that what Cisco TAC suggested?
    mzinz wrote: »
    Is there any way to predict how much more CPU is used by not using CEF?
    Put it this way, the rated performance for a 3845 with CEF is 500KPPS and 256Mbps. A 3845 with process switching is only 35KPPS and 17.92Mbps.

    Disabling CEF or forcing a large percentage of traffic through process switching is not a good idea, as you can see. The only time it ever happens is if there is a configuration issue or you're debugging something. In normal usage, you shouldn't ever have that.
    mzinz wrote: »
    To be totally honest, this is the worst build I've ever used. There is no way around it other than upgrading the IOS. This implementation has been live for exactly a week now, and I've already identified three different bugs - ALL significant. This particular bug (CEF) is the worst, and there is also another one in another post I made which is causing static routes to not redistribute through EIGRP.
    What version of IOS do you have on there?
  • networker050184 Mod Posts: 11,962
    You should really tell your employer that a bug of this caliber cannot wait until next week to fix. If it's running around 90% CPU, the thing could drop at any time due to a traffic spike or anything that would spike the CPU a couple percent. Very dangerous IMO and I would upgrade ASAP. Haven't they ever heard of emergency down time?
    An expert is a man who has made all the mistakes which can be made.
  • shednik Member Posts: 2,005
    You should really tell your employer that a bug of this caliber cannot wait until next week to fix. If it's running around 90% CPU, the thing could drop at any time due to a traffic spike or anything that would spike the CPU a couple percent. Very dangerous IMO and I would upgrade ASAP. Haven't they ever heard of emergency down time?

    Agreed completely... Is there any other device that can pick up the routing? How much space is on the flash for the 3845? Could you upload it and schedule the down time? It shouldn't be that long. It's a risk, but what happens if the device just drops? Then what? You have no redundancy!
  • marlon23 Member Posts: 164
    Can you give me SR number or Bug IDs?
    LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
  • APA Member Posts: 959
    You should really tell your employer that a bug of this caliber cannot wait until next week to fix. If it's running around 90% CPU, the thing could drop at any time due to a traffic spike or anything that would spike the CPU a couple percent. Very dangerous IMO and I would upgrade ASAP. Haven't they ever heard of emergency down time?

    I second this..... absolutely no good reason to disable CEF...

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • jrs91 Member Posts: 64
    I have tested running routers with and without CEF and it makes a LARGE difference in CPU utilization.

    There is a document on the Cisco site that shows the theoretical performance of most router platforms with CEF both enabled and disabled. Wish I had the link handy, but I'd have to search for it and I'm busy studying right now.
  • dtlokee Member Posts: 2,378
    jrs91 wrote: »
    I have tested running routers with and without CEF and it makes a LARGE difference in CPU utilization.

    There is a document on the Cisco site that shows the theoretical performance of most router platforms with CEF both enabled and disabled. Wish I had the link handy, but I'd have to search for it and I'm busy studying right now.

    I think this is the link:

    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

    The only reason I have ever known for disabling CEF was because it used additional memory for the CEF tables, but this is probably irrelevant these days, when routers and switches will typically have enough memory. I guess another case is where you have hit a documented bug and TAC tells you to turn it off (cringe!)
    The only easy day was yesterday!