Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

6 week online course

Start now!
back to overview

CEF per-destination load sharing algorithms

According to the Cisco IOS documentation, you can select between the original and the universal CEF load sharing algorithm with the ip cef load-sharing algorithm name parameter global configuration command (we'll leave the tunnel algorithm aside for the moment). Of course, they don't tell you what you select.

The original algorithm used only the source and destination IP addresses to get the 4-bit hash entry (see the CEF Load Sharing Details for more information), which could result in suboptimal network utilization in some border cases (if anyone wants to know why, leave me a comment). The universal algorithm adds a router-specific value to the hash function, ensuring that the same source-destination pair will hash into a different 4-bit value on different boxes. If you really want to fine-tune the hash function, you can even specify the value to be added with the last option of the ip cef load-sharing algorithm command.


  1. I would love to know what the tunnel algorithm does. We want to load share between just a few hosts and destinations and this seems like it would work better than the others based on the cisco description, but I can't find any detail on the tunnel algorithm.

  2. Regardless of what any load-sharing algorithm actually does, if it spreads the load based on source/destination IP addresses only, it will (statistically) not behave too well in an environment with a small number of hosts. For such an environment, you need per-flow load sharing.

    I did a few tests with the tunnel algorithm and it definitely does NOT consider source/destination address of the encapsulated IP packet within the GRE payload. The only other available information is from the Cisco web site saying that it would perform better than the universal algorithm in tunnel-heavy (where the interim routers only see tunnel endpoints).

  3. I'd love to implement per-flow, but I have a 6509 with a sup2 and it does not seem to support 12.4(11)T. It was the second half of cisco load-sharing algorithm tunnel command description that was giving me hope: "or in environments where there are only a few IP source and destination address pairs." Are there any additional thoughts on this?

  4. I have a c7600/sup720/12.2(33)SRE box that I am trying to improve the 3x1GigE BGP multihop distribution... we have only a few soruce/dest pairs, and one link has only a few pps(40 right now) outbound, the other two are 200M each... we have other BGP mh sessions that are similar, so I figured it was CEF related hashing.... I just added "ip cef load-sharing algorithm include-ports source destination" with no luck -- no change in traffic distribution. Whatever our eBGP neigh is doing, they spread the load pretty well... we don't. Sh ip cef X still shows "per-destination sharing" in the output. I tried a clear of the cef table as well. Do I need to refresh the RIB (flap BGP, etc)? I can't do that now.

  5. I just added "mls ip cef load-sharing full" to acompish the proper effect... but I don't yet understand why this is under the mls function??

    3x static routes to BGP multihop neighbor loopback

  6. Ivan Pepelnjak01 July, 2011 17:47

    6500 is a "very special" device and it's multi-layer switching (MLS) is full of caveats and murkiness that needs to be hand-tweaked with "mls ..." commands, most of them hidden and/or undocumented.

  7. Hi, I just had adiscussion about the algorthm of loadsharing and found these hints. Given a table with 5 entries does it mean that 3 go line 1 and 2 line 2 and the next entry would go line 2 as well or there a different algorthm used?

  8. i have 3560-24PS through which a GRE tunnel is passing through. Though the routing table and CEF shows two equal cost path for next hop, the packets are always sent via one path.CEF load sharing algorithm was changed from universal to tunnel, even then also both the paths are not being used. This product does not support per packet load sharing. Please Advice me a work around with which i can utilise both the available path.


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.