Building Network Automation Solutions
6 week online course starting in September 2017

EBGP multipath load sharing and CEF

When I was discussing the details of the BGP troubleshooting video with one of my readers, he pointed out that I should mention the need for CEF switching in EBGP multipath scenario. My initial response was “Why would you need CEF? EBGP multipath is older than CEF” and his answer told me I should turn on my gray cells before responding to emails: “Your video as well as Cisco’s web site recommends CEF for EBGP multipath design … but interestingly, it does work without CEF”.

The real reason we need CEF in EBGP load sharing designs is the efficacy of load distribution. Without CEF, the router will send all traffic toward a single BGP prefix over one of the links (fast switching performs per-destination-prefix load sharing). With CEF, the load is distributed based on the source-destination IP address pair combinations. Even if multiple clients send the traffic toward the same server, the load is spread across available links.

Obviously, I should write about CEF and load sharing once a month to refresh my failing memory.


  1. I'm curious why CEF is continually mentioned anymore, when 1) so many features depend on it (MPLS, etc.), and 2) it's been "on" by default in the IOS for how many years now?


  2. @Anonymous: Your point is perfectly valid in a Service Provider network (but even there not everyone is running MPLS). The enterprise perspective is slightly different.

  3. @Ivan: yes its different, and I really dont have any idea how to achive in the case I have two CE-Routers which have both eBGP connection to the same ISP and iBGP between the CEs.
    So every of the CEs only installs the eBGP learned prefixes in the RIB. Assuming the CEs are running HSRP so all traffic which is arriving at HSRP active router will just be send to the eBPG neighbor of this HSRP-active router. The other CE-uplink will not be utilized.

    The only idea i had to make Ad of eBGP and iBGP equal on the CE-routers, but this is not really a good idea , is it ?



You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.