Routing and Bridging Guide vA5(1.0), Cisco ACE Application Control Engine
Configuring Routes on the ACE
Downloads: This chapterpdf (PDF - 236.0KB) The complete bookPDF (PDF - 3.97MB) | Feedback

Configuring Routes on the ACE

Table Of Contents

Configuring Routes on the ACE

Assigning an IP Address to Interfaces for Routing Traffic

Configuring a Default or Static Route

Advertising an ACE Module VLAN for RHI (ACE module only)

Using the Supervisor Engine with RHI (ACE Module Only)

Verifying Connectivity of a Remote Host or Server

Using Traceroute on the ACE-Configured IP Addresses

Displaying IPv6 Route Information

Displaying the IPv6 FIB Table Information

Displaying IPv4 Route Information

Displaying the IPv4 FIB Table Information


Configuring Routes on the ACE



Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted.


This chapter describes how the ACE is considered a router hop in the network when it is in routed mode. In the Admin or user contexts, the ACE supports static routes only. The ACE supports up to eight equal cost routes for load balancing.

This chapter describes how to configure a default or static route on the ACE and contains the following major sections:

Assigning an IP Address to Interfaces for Routing Traffic

Configuring a Default or Static Route

Advertising an ACE Module VLAN for RHI (ACE module only)

Verifying Connectivity of a Remote Host or Server

Displaying IPv6 Route Information

Displaying the IPv6 FIB Table Information

Displaying IPv4 Route Information

Displaying the IPv4 FIB Table Information

Assigning an IP Address to Interfaces for Routing Traffic

When you assign an IP address on an interface, its mode automatically becomes routed. To assign an IP address to a VLAN interface, use the ip address command in interface VLAN configuration mode.

IPv6 Syntax and Example

The syntax of this command is as follows:

ip address ipv6_address/prefix_length [eui64]

The keywords and arguments are as follows;

ipv6_address—Complete IPv6 address with a prefix of 2001::/3 to E00::/3.

/prefix_length—Specifies how many of the most significant bits (MSBs) of the IPv6 address are used for the network identifier. Enter a a forward slash character (/) followed by an integer from 1 to 128. If you use the optional eui64 keyword, the prefix length must be less than or equal to /64.

eui64—(Optional) Specifies that the low order 64 bits are automatically generated in the IEEE 64-bit Extended Unique Identifier (EUI-64) format specified in RFC 2373. To use this keyword, the prefix length must be configured as less than or equal to 64 and the host segment must be all zeros. For more information about EUI64, see Chapter 2, Overview of IPv6.

To configure the IPv6 global address of 2001:DB8:1::/64 on VLAN 200, enter the following commands:

host1/Admin(config)# interface VLAN 200
host1/Admin(config-if)# ip address 2001:DB8:1::/64 eui64
 
   

To remove this IPv6 global address from the interface, enter the following command:

host1/Admin(config-if)# no ip address 2001:DB8:1::/64 eui64
 
   

IPv4 Syntax and Example

The syntax of this command is as follows:

ip address ip_address mask

The ip_address mask arguments specify the IP address and mask of the VLAN interface.

For detailed information on configuring an IP address on an interface, see Chapter 3 "Configuring VLAN Interfaces."

To set the IP address of 192.168.1.1 255.255.255.0 on VLAN 200, enter:

host1/Admin(config)# interface vlan 200
host1/Admin(config-if)# ip address 192.168.1.1 255.255.255.0

To remove this IPv4 address from the interface, enter the following command:

host1/Admin(config-if)# no ip address 192.168.1.1 255.255.255.0

Note If you make a mistake while entering this command, you can reenter the command with the correct information.


Configuring a Default or Static Route

Admin and user contexts do not support dynamic routing. You must use static routes for any networks to which the ACE is not directly connected; for example, you must use a static route when there is a router between a network and the ACE.

For traffic that originates on or is routed through the ACE and is destined for a nondirectly connected network, configure either a default route or static routes so that the ACE knows where to send the traffic. Traffic that originates on the ACE might include communications to a syslog server, Websense or N2H2 server, or AAA server.

The simplest option is to configure a default route to send all traffic to an upstream router. The default route identifies the router IP address where the ACE sends all IP packets for which it does not have a route. You can configure a maximum of eight default ECMP routes or gateways in the ACE. For IPv6, one of these can be a link-local address.


Note Routes that identify a specific destination address take precedence over the default route.


To set a default or static route, use the ip route command in configuration mode.

IPv6 Syntax and Example

The syntax of this command is as follows:

ip route ipv6_dest_address/prefix_length {global_nexthop_address | {bvi number | vlan number {link_local_address}}}

The keywords and arguments are as follows:

ipv6_dest_address—Destination IPv6 address for the route.

/prefix_length—Specifies how many of the most significant bits (MSBs) of the IPv6 address are used for the network identifier. Enter a a forward slash character (/) followed by an integer from 1 to 128.

global_nexthop_address—IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. For information on configuring the address, see the "Assigning an IP Address to Interfaces for Routing Traffic" section.


Note When you configure a default gateway, the MAC address of the gateway must not constantly change. We recommend to use a Hot Standby Router Protocol (HSRP) IP address or other virtual IP address which maintains a single MAC address for multiple interfaces.


bvi number—Forward bridged VLAN interface for the link-local address

link_local_address—Link-local address of the gateway

vlan number—Forward VLAN interface for the link-local address

To configure a static route to send all traffic destined to 2001:DB8:1::/64 to the next-hop router at 2001:DB8:2::/64, enter the following command:

host1/Admin(config)# ip route 2001:DB8:1::/64 2001:DB8:2::/64
 
   

To configure a default route, set the IPv6 address for the route to ::/0, the IPv6 equivalent of "any." For example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic out the interface to the router at 2001:DB8:2::/64, enter:

host1/Admin(config)# ip route ::/0 2001:DB8:2::/64
 
   

To remove a default or static route, use the no form of the command as follows:

host1/Admin(config)# no ip route 2001:DB8:1::/64 2001:DB8:2::/64
 
   

IPv4 Syntax and Example

The syntax of this command is as follows:

ip route dest_ip_prefix netmask gateway_ip_address

The keywords, arguments, and options are as follows:

dest_ip_prefix—IP address for the route. Enter the address in dotted-decimal IP notation (for example, 192.168.20.1).

netmask—Subnet mask for the route. Enter the subnet mask in dotted-decimal notation (for example, 255.255.255.0).

gateway_ip_address—IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. For information on configuring the address, see the "Assigning an IP Address to Interfaces for Routing Traffic" section.


Note When you configure a default gateway, the MAC address of the gateway must not constantly change. We recommend to use a Hot Standby Router Protocol (HSRP) IP address or other virtual IP address which maintains a single MAC address for multiple interfaces.



Note Management traffic coming into the ACE is not affected by the no normalization command, which does not support asymmetric routes. For information about normalization, see the Security Guide, Cisco ACE Application Control Engine.


To configure a static route to send all traffic destined for 10.1.1.0/24 to the router (10.1.2.45), enter:

host1/Admin(config)# ip route 10.1.1.0 255.255.255.0 10.1.2.45 
 
   

To configure a default route, set the IP address and the subnet mask for the route to 0.0.0.0. For example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic out the interface to the router at 192.168.4.8, enter:

host1/Admin(config)# ip route 0.0.0.0 0.0.0.0 192.168.4.8
 
   

To remove a default or static route, use the no form of the command as follows:

host1/Admin(config)# no ip route 192.168.42.0 255.255.255.0 
192.168.1.5 1
 
   

Advertising an ACE Module VLAN for RHI (ACE module only)


Note Note the following ACE module support for Route Health Injection (RHI) with the A5(1.x) software releases:

With software release A5(1.2), the ACE module operating with the Catalyst 6500 series switch supervisor engine supports both IPv6 and IPv4 routes for Route Health Injection (RHI) with Cisco IOS release 12.2(33)SXJ2 or later releases.

With software releases A5(1.0) and A5(1.1), the ACE module operating with the Catalyst 6500 series switch or Cisco 7600 series router supervisor engine supports only IPv4 routes for Route Health Injection (RHI) with Cisco IOS release 12.2(33)SXI4 or later releases. RHI for IPv6 routes is not supported at this time. You will not encounter this issue with RHI for IPv4 routes.


To advertise an ACE module VLAN for route health injection (RHI) that is different from the VIP interface VLAN, use the ip route inject vlan command in interface configuration mode. By default, the ACE module advertises the VLAN of the VIP interface for RHI.

Use this command when there is no directly shared VLAN between the ACE module and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE module and the supervisor engine.


Note Be sure to configure this command on the VIP interface of the ACE module.


The syntax of this command is as follows:

ip route inject vlan vlan_id

The vlan_id is the interface shared between the supervisor engine and the intervening device. Enter it as an integer from 2 to 4090.

For example, to advertise route 200 for RHI, enter:

host1/Admin(config-if)# ip route inject vlan 200
 
   

To restore the ACE module default behavior of advertising the VIP interface VLAN for RHI, enter:

host1/Admin(config-if)# no ip route inject vlan 200

Using the Supervisor Engine with RHI (ACE Module Only)

The Route Health Injection (RHI) feature allows the ACE module to inject (add) or withdraw (remove) static IPv4 routes in the supervisor engine. The ACE module maintains a hash table of VIP address-mask entries. The hash table includes the address-mask and a chain of interface entries. Each interface entry corresponds to an interface ID on which the VIP address, mask, and context is configured. Each interface entry has a chain of vserver IDs that correspond to the VIP address, mask, and context and the interface ID.


Note RHI for IPv6 routes is not supported at this time. However, RHI for IPv4 routes is fully functional.


The ACE module maintains the following two data structures for processing:

A chain of vserver IDs per interface object. The ACE module uses this chain for processing if an interface's state changes.

A chain of interface IDs per vserver object. The ACE module uses this chain for processing if a vserver's state changes.

When the following route-related changes occur, the ACE module performs the described actions:

When the MSFC mapped VLAN on an interface changes. the ACE module readvertise the route with the updated VLAN number.

When the IP address of an interface changes the ACE module advertises the route with the updated next hop.

When the state of an interface changes, the ACE module examines the new state of the interface removes the route from the supervisor or adds a route to the supervisor.

When the state of a vserver changes, the ACE module determines the vserver that has the best metric value because of this state change. If the vserver has changed, the ACE module advertises the route with the new vserver.

When a vserver is removed from an interface, the ACE module deletes the VIP entry from the VIP hash table. The ACE module determines the best new vserver and advertises the route with the new vserver ID.

When a vserver is added to an interface, the ACE module updates the VIP hash table with the new entry. The ACE module determines the best new best vserver and advertises the route that corresponds to the new vserver ID.

The ACE module and the supervisor engine use Switch-Module Configuration Protocol (SCP) messages to insert or withdraw all RHI routes. Only one route insertion or withdrawal is allowed per SCP message. The configuration manager sends all route information to the route manager in the ACE module. The route manager then forwards the route information to the supervisor engine through the SCP module.

Before it sends the route information to the SCP module, the ACE module caches all the routes that are to be sent to the supervisor in case a retransmission is necessary. The ACE module expects a acknowledgement from the supervisor for each request that it sends. If it receives an acknowledgement from the supervisor, the ACE module deletes the entries from the cache. If it does not receive an acknowledgement from the supervisor, the ACE module retransmits the request (both insertion and withdrawal of routes).

Verifying Connectivity of a Remote Host or Server

You can verify the connectivity of a remote host or server by using the ping command in Exec mode to send echo messages from the ACE.

The syntax of this command is as follows:

ping [ip | ipv6 [system_address [count count [size size [timeout time [extended commands y [source ] | n]]]]]]

The arguments and options are as follows:

ip | ipv6—(Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address.

system_address—(Optional) IP address of a remote host or server to ping. Enter an IPv4 or an IPv6 address depending on whether you specified the ip or the ipv6 keyword. If you do not specify the IP address of the remote host, the CLI prompts you for the information. For information on additional prompts, see Table 4-1.

count count—(Optional) Specifies the repeat count. Enter the repeat count as an integer from 1 to 65000. The default is 5.

size size—(Optional) Specifies the datagram size. Enter the datagram size as an integer from 36 to 1440. The default is 100.

timeout time—(Optional) Specifies the timeout in seconds. Enter the timeout value as an integer from 0 to 3600. The default is 2.

extended commands [y | n]—The default is n. If you specify y, the following additional options are available:

source address or interface

hop count—The default is 255. Enter an integer from 1 to

output interface

IPv6 Example

To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command:

host1/Admin# ping ::1
PING 0:0:0:0:0:0:0:1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms
64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms
64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms
 
   
--- 0:0:0:0:0:0:0:1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8002ms
rtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 ms
 
   

To abnormally terminate a ping session, press Ctrl-C.


Note The first ping may fail because the ND table is not populated with the MAC address of the remote host or server.


IPv4 Example

The following example shows how to send a ping to a server located at IP address 192.168.219.140:

host1/Admin# ping 192.168.173.140
PING 192.168.173.140 with timeout = 2, count = 5, size = 100
Response from 192.168.173.140 :  seq 1 time 1.213 ms  
Response from 192.168.173.140 :  seq 2 time 0.175 ms  
Response from 192.168.173.140 :  seq 3 time 0.210 ms  
Response from 192.168.173.140 :  seq 4 time 0.162 ms  
Response from 11.1.11.4 :  seq 5 time 0.214 ms
5 packet sent, 5 responses received, 0% packet loss
 
   

To abnormally terminate a ping session, press Ctrl-C.


Note The first ping may fail because the ARP table is not populated with the MAC address for the remote host or server.


The ping command provides additional options to verify the connectivity of a remote host or server. To specify these additional parameters, type ping at the CLI ACE prompt and press enter.

Table 4-1 summarizes the options and the defaults for the ping command.

Table 4-1 Options and Defaults for the ping Command 

Option
Description
Default

Target IP address

IP address or hostname of the destination node to ping.

Not applicable

Repeat count

Number of ping packets to be sent to the destination address. Enter an integer from 1 to 65000.

5 packets

Datagram size

Size of each ping packet in bytes. For IPv6, enter an integer from 48 to 1440. For IPv4, enter an integer from 36 to 1440.

100 bytes

Timeout

Timeout interval in seconds after which a ping request is considered a failure. The ping is not aborted and sends the next ping packet, if any. Enter an integer from 0 to 3600.

2 seconds

Extended commands

Provides additional commands for the ping command.

n(o)


To trace the routes taken for a specified IP address, use the traceroute command in Exec mode.

The syntax of this command is as follows:

traceroute [ip | ipv6] [ip_address [size packet]]]

The arguments and option are as follows:

ip | ipv6—(Optional) Specifies the IPv4 or the IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address.

ip_address—(Optional) IP address for the route. Enter an IPv6 address in IPv6 format or an IPv4 address in dotted-decimal notation. This argument is optional. If you do not include it with the command, you are prompted for an IP address.

size packet—(Optional) Specifies the packet size. Enter a number from 40 to 452. For IPv6, there is no default. For IPv4, the default is 40.

IPv6 Example

To trace the IPv6 address 2001:DB8:1::/64, enter the following command:

host1/Admin# traceroute ipv6 2001:DB8:1::/64
 
   

To terminate a traceroute session, press Ctrl-C.

IPv4 Example

To trace the IP address 192.168.173.140, enter:

host1/Admin# traceroute 192.168.173.140
traceroute to 192.168.173.140 (192.168.173.140), 30 hops max, 40 byte 
packets
 1  192.86.215.2 (192.86.215.2)  0.558 ms  0.325 ms  0.297 ms
 2  * * *
 3  * * *
 
   

To terminate a traceroute session, press Ctrl-C.

Using Traceroute on the ACE-Configured IP Addresses

You can use traceroute on ACE-configured IP addresses, however there are certain restrictions. When you use traceroute to a configured ACE IP interface:

ICMP traceroute works when you configure a management policy to permit ICMP traffic, similar to the following examples:

IPv6 Example

class-map type management match-any remote-access
description ipv6-remote-access-traffic-match
match protocol icmpv6 anyv6
 
   

IPv4 Example

class-map type management match-any remote-access
description ipv4-remote-access-traffic-match
match protocol icmp any

Note Most traceroutes use the default protocol of UDP. Use a command line option to change traceroute to ICMP. For example, in Linux, use the -I option.


UDP or TCP-based traceroute does not work. There is no method to permit UDP or TCP traffic to ephemeral ports going to the ACE.

When you use UDP, TCP, or ICMP-based traceroute to a host behind the ACE, it works as expected. However, the ACE does not appear in the traceroute as a hop. The ACE does not decrement the TTL of IP packets that it forwards.

When you use traceroute to a VIP address configured on the ACE, the ACE does not intercept traceroute packets sent to the configured VIP address. The ACE attempts to match the packet to the load-balance policies. If a protocol match occurs, the ACE sends the packet to the real server that responds to the traceroute accordingly.

Displaying IPv6 Route Information

To display IPv6 routes on the ACE, use the show ipv6 route command in Exec mode. The syntax of this command is as follows;

show ipv6 route

For example, enter:

host1/Admin# show ipv6 route
 
   

Table 4-2 describes the fields in the show ipv6 route command output.

Table 4-2 Field Description for the show ipv6 route Command 

Field
Description

Destination

IPv6 destination address for the route.

Gateway

IPv6 gateway address for the route.

Interface

VLAN or BVI number for this entry.

Flag

Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:

H indicates a host route.

I indicates an interface route.

S indicates a static route.

N indicates a NAT route.

A indicates that the route needs an ND resolve.

E indicates an ECMP route.

Total route entries

Total number of routes in the IPv6 routing table.


To display the route summary for the current context, use the show ipv6 route summary command. The syntax of this command is as follows:

show ipv6 route summary

For example, enter:

host1/Admin# show ipv6 route summary
 
   

Table 4-3 describes the fields in the show ipv6 route summary command output.

Table 4-3 Field Description for the show ipv6 route summary Command 

Field
Description

Route Source

Source of the route. The possible value are as follows:

Connected for a route to hosts that are connected to the same network.

Static for a configured route.

Count

Number of routes that are connected or static.

Memory (bytes)

Memory consumed by the route entries.


To display IPv6 traffic information, use the show ip traffic command in Exec mode. For a description of the IPv4 output fields of this command, see the "Displaying IPv4 Route Information" section. The syntax of this command is as follows:

show ip traffic

For example, enter:

host1/Admin# show ip traffic
 
   

Table 4-4 describes the IPv6-specific fields in the show ip traffic command output.

Table 4-4 IPv6 Field Descriptions for the show ip traffic Command
Output 

Field
Description

IPv6 Statistics

Rcvd

total—Number of packets received by the ACE.

bytes—Number of bytes received by the ACE.

input errors—Number of receive errors.

no route—Number of packets with no route.

Frags

reassembled—Number of fragments that the ACE reassembled.

couldn't reassemble—Number of fragments that the ACE could not reassemble.

fragmented—Number of packets that the ACE fragmented.

couldn't fragment—Number of packets that the ACE could not fragment.

Mcast

received—Number of multicast packets received by the ACE.

sent—Number of multicast packets sent by the ACE.

Sent

total—Total packets sent.

sent—Number of bytes sent.

no route—Number of packets sent with no route.

Drop

no route—Number of packets discarded because they had no route.

out discarded—Number of packets discarded.

ICMPv6 Statistics

Rcvd

input—Number of packets received by the ACE.

errors—Number of received packet errors.

unreach—Number of ICMPv6 Unreachable messages received by the ACE.

parameter problem—Number of packets that were dropped by the ACE because of a problem with the IPv6 header or extension header fields.

hopcount expired—Number of packets whose hop counts went to zero that were received by the ACE. This message is the same as the Time Exceeded message in RFC4443.

too big—Number of packets received by the ACE that elicited a "packet too big" response because they were too long and could not be sent to their destination.

echo request—Number of ICMPv6 Echo Request packets received by the ACE.

echo reply—Number of ICMPv6 Echo Reply packets received by the ACE.

group query—Number of multicast group query messages received by the ACE.

group report—Number of group report messages received by the ACE. Group report messages are generated when a host joins a multicast group.

group reduce—Number of group reduce messages received by the ACE. Group reduce messages are sent by a member when it leaves a multicast group.

router solicit—Number of Router Solicitation messages received by the ACE.

ICMPv6 Statistics (cont.)

Rcvd (cont.)

router solicit drops—Number of Router Solicitation messages that were dropped by the ACE.

router advert—Number of Router Advertisement messages received by the ACE.

redirects—Number of Redirect messages received by the ACE.

neighbor solicit—Number of Neighbor Solicitation messages received by the ACE.

neighbor advert—Number of Neighbor Advertisements received by the ACE.

Sent

output—Number of packets sent by the ACE

unreach—Number of Destination Unreachable messages sent by the ACE

parameter problem—Number of packets sent by the ACE that had a problem with the IPv6 header or extension header fields

hopcount expired—Number of packets whose hop counts went to zero that were sent by the ACE

too big—Number of packets sent by the ACE that elicited a "packet too big" response because they were too long and could not be sent to the destination

echo reply—Number of Echo Reply messages sent by the ACE

group report—Number of group report messages sent by the ACE. Group report messages are generated when a member joins a multicast group.

group reduce—Number of group reduce messages sent by the ACE. Group reduce messages are sent by a member when it leaves a multicast group.

Sent (cont.)

router solicit—Number of Router Solicitation messages sent by the ACE.

router advert—Number of Router Advertisement messages sent by the ACE.

redirects—Number of Redirect messages sent by the ACE.

neighbor solicit—Number of Neighbor Solicitation messages sent by the ACE.

neighbor advert—Number of Neighbor Advertisements sent by the ACE.

TCP Statistics

Rcvd

Total number of TCP segments and errors received by the ACE.

Sent

Total number of TCP segments sent by the ACE.

UDP Statistics

Rcvd

Total number of UDP segments, UDP errors, and segments with no port number received by the ACE.

Sent

Total number of UDP segments sent by the ACE.

ND Statistics

Rcvd

Number of ND packets, errors, requests, and responses received by the ACE.

Sent

Number of ND packets, errors, requests, and responses sent by the ACE.


The show ipv6 route internal command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.

Displaying the IPv6 FIB Table Information

The forwarding information base (FIB) table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ND tables. To display the FIB table for the context, use the show ipv6 fib command. The syntax of this command is as follows:

show ipv6 fib

For example, enter:

host1/Admin# show ipv6 fib 
 
   

Table 4-10 describes the fields in the show ipv6 fib command output.

Table 4-5 Field Description for the show ipv6 fib Command 

Field
Description

Destination

Destination address for the route.

Interface

VLAN interface number for this entry.

EncapID

Encapsulation identifier.

Flag

Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:

H indicates a host route.

I indicates interface route.

S indicates a static route.

N indicates a NAT route.

A indicates that the route needs an ND resolve.

E indicates an ECMP route.

V indicates that the route destination matches a class map-defined virtual server.

Total route entries

Total number of route entries in the ND table.


To display a summary of the FIB table for the context, use the show ip fib summary command. For example, enter:

host1/Admin# show ipv6 fib summary
 
   

Table 4-11 describes the fields in the show ip fib summary command output.

Table 4-6 Field Description for the show ip fib summary Command 

Field
Description

Resolved routes

Number of prefixes programmed in mtrie.

Leaves, bytes

Number of mtrie leaf nodes allocated and memory consumed in bytes.

Nodes, bytes

Number of mtrie internal nodes allocated and memory consumed in bytes.

ecmps, bytes

Number of ECMP nodes allocated and memory consumed in bytes.


The show ipv6 fib command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.

Displaying IPv4 Route Information

To display IPv4 routes on the ACE, use the show ip route command in Exec mode. The syntax of this command is as follows;

show ip route

For example, enter:

host1/Admin# show ip route
 
   

Table 4-7 describes the fields in the show ip route command output.

Table 4-7 Field Description for the show ip route Command 

Field
Description

Destination

Destination address for the route.

Gateway

Gateway address for the route.

Interface

VLAN interface number for this entry.

Flag

Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:

H indicates a host route.

I indicates an interface route.

S indicates a static route.

N indicates a NAT route.

A indicates that the route needs an ARP resolve.

E indicates an ECMP route.


To display the route summary for the current context, use the show ip route summary command. For example, enter:

host1/Admin# show ip route summary
 
   

Table 4-8 describes the fields in the show ip route summary command output.

Table 4-8 Field Description for the show ip route summary Command 

Field
Description

Route Source

Source of the route. The possible value are as follows:

Connected for a route to hosts that are connected to the same network.

Static for a configured route.

Count

Number of routes that are connected or static.

Memory (bytes)

Memory consumed by the route entries.


To display IP traffic information, use the show ip traffic command in Exec mode. The syntax of this command is as follows:

show ip traffic

For example, enter:

host1/Admin# show ip traffic
 
   

Table 4-9 describes the fields in the show ip traffic command output.

Table 4-9 Field Descriptions for the show ip traffic Command
Output 

Field
Description

IP Statistics

Rcvd

Total number of packets received by the ACE, number of bytes received by the ACE, number of input errors, number of packets received by the ACE with no route, and number of packets received by the ACE that had an unknown protocol.

Frags

Number of fragments that the ACE reassembled, number of fragments that the ACE could not reassemble, number of packets that the ACE fragmented, and number of packets that the ACE could not fragment.

Bcast

For IPv4, number of broadcast packets received and sent.

Mcast

Number of multicast packets received and sent.

Sent

Total packets sent, number of bytes sent, and number of packets sent with no route.

Drop

Number of packets discarded because they had no route and number of packets discarded.

ICMP Statistics

Rcvd

Reports statistics for the following ICMP messages received by the ACE:

Redirects

ICMP Unreachable

ICMP Echo

ICMP Echo Reply

Mask Requests

Mask Replies

Quench

Parameter

Timestamp

Sent

Reports statistics for the following ICMP messages sent by the ACE:

Redirects

ICMP Unreachable

ICMP Echo

ICMP Echo Reply

Mask Requests

Mask Replies

Quench

Timestamp

Parameter

Time Exceeded

TCP Statistics

Rcvd

Total number of TCP segments and errors received by the ACE.

Sent

Total number of TCP segments sent by the ACE.

UDP Statistics

Rcvd

Total number of UDP segments, UDP errors, and segments with no port number received by the ACE.

Sent

Total number of UDP segments sent by the ACE.

ARP Statistics

Rcvd

Number of ARP packets, errors, requests, and responses received by the ACE.

Sent

Number of ARP packets, errors, requests, and responses sent by the ACE.


The show ip route internal command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.

Displaying the IPv4 FIB Table Information

The forwarding information base (FIB) table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables. To display the IPv4 FIB table for the context, use the show ip fib command. For example, enter:

host1/Admin# show ip fib
 
   

Table 4-10 describes the fields in the show ip fib command output.

Table 4-10 Field Description for the show ip fib Command 

Field
Description

Destination

Destination address for the route.

Interface

VLAN interface number for this entry.

EncapID

Encapsulation identifier.

Flag

Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:

H indicates a host route.

I indicates interface route.

S indicates a static route.

N indicates a NAT route.

A indicates that the route needs an ARP resolve.

E indicates an ECMP route.

V indicates that the route destination matches a class map-defined virtual server.


To display a summary of the FIB table for the context, use the show ip fib summary command. For example, enter:

host1/Admin# show ip fib summary
 
   

Table 4-11 describes the fields in the show ip fib summary command output.

Table 4-11 Field Description for the show ip fib summary Command 

Field
Description

Resolved routes

Number of prefixes programmed in mtrie.

Leaves, bytes

Number of mtrie leaf nodes allocated and memory consumed in bytes.

Nodes, bytes

Number of mtrie internal nodes allocated and memory consumed in bytes.

ecmps, bytes

Number of ECMP nodes allocated and memory consumed in bytes.


The show ip fib command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.