Table Of Contents
Configuring Routes on the ACE
Assigning an IP Address to Interfaces for Routing Traffic
Configuring a Default or Static Route
Advertising an ACE Module VLAN for RHI (ACE module only)
Using the Supervisor Engine with RHI (ACE Module Only)
Verifying Connectivity of a Remote Host or Server
Using Traceroute on the ACE-Configured IP Addresses
Displaying IPv6 Route Information
Displaying the IPv6 FIB Table Information
Displaying IPv4 Route Information
Displaying the IPv4 FIB Table Information
Configuring Routes on the ACE
Note 
The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted.
This chapter describes how the ACE is considered a router hop in the network when it is in routed mode. In the Admin or user contexts, the ACE supports static routes only. The ACE supports up to eight equal cost routes for load balancing.
This chapter describes how to configure a default or static route on the ACE and contains the following major sections:
•Assigning an IP Address to Interfaces for Routing Traffic
•Configuring a Default or Static Route
•Advertising an ACE Module VLAN for RHI (ACE module only)
•Verifying Connectivity of a Remote Host or Server
•Displaying IPv6 Route Information
•Displaying the IPv6 FIB Table Information
•Displaying IPv4 Route Information
•Displaying the IPv4 FIB Table Information
Assigning an IP Address to Interfaces for Routing Traffic
When you assign an IP address on an interface, its mode automatically becomes routed. To assign an IP address to a VLAN interface, use the ip address command in interface VLAN configuration mode.
IPv6 Syntax and Example
The syntax of this command is as follows:
ip address ipv6_address/prefix_length [eui64]
The keywords and arguments are as follows;
•ipv6_address—Complete IPv6 address with a prefix of 2001::/3 to E00::/3.
•/prefix_length—Specifies how many of the most significant bits (MSBs) of the IPv6 address are used for the network identifier. Enter a a forward slash character (/) followed by an integer from 1 to 128. If you use the optional eui64 keyword, the prefix length must be less than or equal to /64.
•eui64—(Optional) Specifies that the low order 64 bits are automatically generated in the IEEE 64-bit Extended Unique Identifier (EUI-64) format specified in RFC 2373. To use this keyword, the prefix length must be configured as less than or equal to 64 and the host segment must be all zeros. For more information about EUI64, see Chapter 2, Overview of IPv6.
To configure the IPv6 global address of 2001:DB8:1::/64 on VLAN 200, enter the following commands:
host1/Admin(config)# interface VLAN 200
host1/Admin(config-if)# ip address 2001:DB8:1::/64 eui64
To remove this IPv6 global address from the interface, enter the following command:
host1/Admin(config-if)# no ip address 2001:DB8:1::/64 eui64
IPv4 Syntax and Example
The syntax of this command is as follows:
ip address ip_address mask
The ip_address mask arguments specify the IP address and mask of the VLAN interface.
For detailed information on configuring an IP address on an interface, see Chapter 3 "Configuring VLAN Interfaces."
To set the IP address of 192.168.1.1 255.255.255.0 on VLAN 200, enter:
host1/Admin(config)# interface vlan 200
host1/Admin(config-if)# ip address 192.168.1.1 255.255.255.0
To remove this IPv4 address from the interface, enter the following command:
host1/Admin(config-if)# no ip address 192.168.1.1 255.255.255.0
Note If you make a mistake while entering this command, you can reenter the command with the correct information.
Configuring a Default or Static Route
Admin and user contexts do not support dynamic routing. You must use static routes for any networks to which the ACE is not directly connected; for example, you must use a static route when there is a router between a network and the ACE.
For traffic that originates on or is routed through the ACE and is destined for a nondirectly connected network, configure either a default route or static routes so that the ACE knows where to send the traffic. Traffic that originates on the ACE might include communications to a syslog server, Websense or N2H2 server, or AAA server.
The simplest option is to configure a default route to send all traffic to an upstream router. The default route identifies the router IP address where the ACE sends all IP packets for which it does not have a route. You can configure a maximum of eight default ECMP routes or gateways in the ACE. For IPv6, one of these can be a link-local address.
Note Routes that identify a specific destination address take precedence over the default route.
To set a default or static route, use the ip route command in configuration mode.
IPv6 Syntax and Example
The syntax of this command is as follows:
ip route ipv6_dest_address/prefix_length {global_nexthop_address | {bvi
number | vlan number {link_local_address}}}
The keywords and arguments are as follows:
•ipv6_dest_address—Destination IPv6 address for the route.
•/prefix_length—Specifies how many of the most significant bits (MSBs) of the IPv6 address are used for the network identifier. Enter a a forward slash character (/) followed by an integer from 1 to 128.
•global_nexthop_address—IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. For information on configuring the address, see the "Assigning an IP Address to Interfaces for Routing Traffic" section.
Note When you configure a default gateway, the MAC address of the gateway must not constantly change. We recommend to use a Hot Standby Router Protocol (HSRP) IP address or other virtual IP address which maintains a single MAC address for multiple interfaces.
•bvi number—Forward bridged VLAN interface for the link-local address
•link_local_address—Link-local address of the gateway
•vlan number—Forward VLAN interface for the link-local address
To configure a static route to send all traffic destined to 2001:DB8:1::/64 to the next-hop router at 2001:DB8:2::/64, enter the following command:
host1/Admin(config)# ip route 2001:DB8:1::/64 2001:DB8:2::/64
To configure a default route, set the IPv6 address for the route to ::/0, the IPv6 equivalent of "any." For example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic out the interface to the router at 2001:DB8:2::/64, enter:
host1/Admin(config)# ip route ::/0 2001:DB8:2::/64
To remove a default or static route, use the no form of the command as follows:
host1/Admin(config)# no ip route 2001:DB8:1::/64 2001:DB8:2::/64
IPv4 Syntax and Example
The syntax of this command is as follows:
ip route dest_ip_prefix netmask gateway_ip_address
The keywords, arguments, and options are as follows:
•dest_ip_prefix—IP address for the route. Enter the address in dotted-decimal IP notation (for example, 192.168.20.1).
•netmask—Subnet mask for the route. Enter the subnet mask in dotted-decimal notation (for example, 255.255.255.0).
•gateway_ip_address—IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. For information on configuring the address, see the "Assigning an IP Address to Interfaces for Routing Traffic" section.
Note When you configure a default gateway, the MAC address of the gateway must not constantly change. We recommend to use a Hot Standby Router Protocol (HSRP) IP address or other virtual IP address which maintains a single MAC address for multiple interfaces.
Note Management traffic coming into the ACE is not affected by the no normalization command, which does not support asymmetric routes. For information about normalization, see the Security Guide, Cisco ACE Application Control Engine.
To configure a static route to send all traffic destined for 10.1.1.0/24 to the router (10.1.2.45), enter:
host1/Admin(config)# ip route 10.1.1.0 255.255.255.0 10.1.2.45
To configure a default route, set the IP address and the subnet mask for the route to 0.0.0.0. For example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic out the interface to the router at 192.168.4.8, enter:
host1/Admin(config)# ip route 0.0.0.0 0.0.0.0 192.168.4.8
To remove a default or static route, use the no form of the command as follows:
host1/Admin(config)# no ip route 192.168.42.0 255.255.255.0
192.168.1.5 1
Advertising an ACE Module VLAN for RHI (ACE module only)
Note Note the following ACE module support for Route Health Injection (RHI) with the A5(1.x) software releases:
•With software release A5(1.2), the ACE module operating with the Catalyst 6500 series switch supervisor engine supports both IPv6 and IPv4 routes for Route Health Injection (RHI) with Cisco IOS release 12.2(33)SXJ2 or later releases.
•With software releases A5(1.0) and A5(1.1), the ACE module operating with the Catalyst 6500 series switch or Cisco 7600 series router supervisor engine supports only IPv4 routes for Route Health Injection (RHI) with Cisco IOS release 12.2(33)SXI4 or later releases. RHI for IPv6 routes is not supported at this time. You will not encounter this issue with RHI for IPv4 routes.
To advertise an ACE module VLAN for route health injection (RHI) that is different from the VIP interface VLAN, use the ip route inject vlan command in interface configuration mode. By default, the ACE module advertises the VLAN of the VIP interface for RHI.
Use this command when there is no directly shared VLAN between the ACE module and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE module and the supervisor engine.
Note Be sure to configure this command on the VIP interface of the ACE module.
The syntax of this command is as follows:
ip route inject vlan vlan_id
The vlan_id is the interface shared between the supervisor engine and the intervening device. Enter it as an integer from 2 to 4090.
For example, to advertise route 200 for RHI, enter:
host1/Admin(config-if)# ip route inject vlan 200
To restore the ACE module default behavior of advertising the VIP interface VLAN for RHI, enter:
host1/Admin(config-if)# no ip route inject vlan 200
Using the Supervisor Engine with RHI (ACE Module Only)
The Route Health Injection (RHI) feature allows the ACE module to inject (add) or withdraw (remove) static IPv4 routes in the supervisor engine. The ACE module maintains a hash table of VIP address-mask entries. The hash table includes the address-mask and a chain of interface entries. Each interface entry corresponds to an interface ID on which the VIP address, mask, and context is configured. Each interface entry has a chain of vserver IDs that correspond to the VIP address, mask, and context and the interface ID.
Note RHI for IPv6 routes is not supported at this time. However, RHI for IPv4 routes is fully functional.
The ACE module maintains the following two data structures for processing:
•A chain of vserver IDs per interface object. The ACE module uses this chain for processing if an interface's state changes.
•A chain of interface IDs per vserver object. The ACE module uses this chain for processing if a vserver's state changes.
When the following route-related changes occur, the ACE module performs the described actions:
•When the MSFC mapped VLAN on an interface changes. the ACE module readvertise the route with the updated VLAN number.
•When the IP address of an interface changes the ACE module advertises the route with the updated next hop.
•When the state of an interface changes, the ACE module examines the new state of the interface removes the route from the supervisor or adds a route to the supervisor.
•When the state of a vserver changes, the ACE module determines the vserver that has the best metric value because of this state change. If the vserver has changed, the ACE module advertises the route with the new vserver.
•When a vserver is removed from an interface, the ACE module deletes the VIP entry from the VIP hash table. The ACE module determines the best new vserver and advertises the route with the new vserver ID.
•When a vserver is added to an interface, the ACE module updates the VIP hash table with the new entry. The ACE module determines the best new best vserver and advertises the route that corresponds to the new vserver ID.
The ACE module and the supervisor engine use Switch-Module Configuration Protocol (SCP) messages to insert or withdraw all RHI routes. Only one route insertion or withdrawal is allowed per SCP message. The configuration manager sends all route information to the route manager in the ACE module. The route manager then forwards the route information to the supervisor engine through the SCP module.
Before it sends the route information to the SCP module, the ACE module caches all the routes that are to be sent to the supervisor in case a retransmission is necessary. The ACE module expects a acknowledgement from the supervisor for each request that it sends. If it receives an acknowledgement from the supervisor, the ACE module deletes the entries from the cache. If it does not receive an acknowledgement from the supervisor, the ACE module retransmits the request (both insertion and withdrawal of routes).
Verifying Connectivity of a Remote Host or Server
You can verify the connectivity of a remote host or server by using the ping command in Exec mode to send echo messages from the ACE.
The syntax of this command is as follows:
ping [ip | ipv6 [system_address [count count [size size [timeout time
[extended commands y [source ] | n]]]]]]
The arguments and options are as follows:
•ip | ipv6—(Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address.
•system_address—(Optional) IP address of a remote host or server to ping. Enter an IPv4 or an IPv6 address depending on whether you specified the ip or the ipv6 keyword. If you do not specify the IP address of the remote host, the CLI prompts you for the information. For information on additional prompts, see Table 4-1.
•count count—(Optional) Specifies the repeat count. Enter the repeat count as an integer from 1 to 65000. The default is 5.
•size size—(Optional) Specifies the datagram size. Enter the datagram size as an integer from 36 to 1440. The default is 100.
•timeout time—(Optional) Specifies the timeout in seconds. Enter the timeout value as an integer from 0 to 3600. The default is 2.
•extended commands [y | n]—The default is n. If you specify y, the following additional options are available:
–source address or interface
–hop count—The default is 255. Enter an integer from 1 to
–output interface
IPv6 Example
To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command:
PING 0:0:0:0:0:0:0:1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms
64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms
64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms
--- 0:0:0:0:0:0:0:1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8002ms
rtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 ms
To abnormally terminate a ping session, press Ctrl-C.
Note The first ping may fail because the ND table is not populated with the MAC address of the remote host or server.
IPv4 Example
The following example shows how to send a ping to a server located at IP address 192.168.219.140:
host1/Admin# ping 192.168.173.140
PING 192.168.173.140 with timeout = 2, count = 5, size = 100
Response from 192.168.173.140 : seq 1 time 1.213 ms
Response from 192.168.173.140 : seq 2 time 0.175 ms
Response from 192.168.173.140 : seq 3 time 0.210 ms
Response from 192.168.173.140 : seq 4 time 0.162 ms
Response from 11.1.11.4 : seq 5 time 0.214 ms
5 packet sent, 5 responses received, 0% packet loss
To abnormally terminate a ping session, press Ctrl-C.
Note The first ping may fail because the ARP table is not populated with the MAC address for the remote host or server.
The ping command provides additional options to verify the connectivity of a remote host or server. To specify these additional parameters, type ping at the CLI ACE prompt and press enter.
Table 4-1 summarizes the options and the defaults for the ping command.
Table 4-1 Options and Defaults for the ping Command
Option
|
Description
|
Default
|
Target IP address
|
IP address or hostname of the destination node to ping.
|
Not applicable
|
Repeat count
|
Number of ping packets to be sent to the destination address. Enter an integer from 1 to 65000.
|
5 packets
|
Datagram size
|
Size of each ping packet in bytes. For IPv6, enter an integer from 48 to 1440. For IPv4, enter an integer from 36 to 1440.
|
100 bytes
|
Timeout
|
Timeout interval in seconds after which a ping request is considered a failure. The ping is not aborted and sends the next ping packet, if any. Enter an integer from 0 to 3600.
|
2 seconds
|
Extended commands
|
Provides additional commands for the ping command.
|
n(o)
|
To trace the routes taken for a specified IP address, use the traceroute command in Exec mode.
The syntax of this command is as follows:
traceroute [ip | ipv6] [ip_address [size packet]]]
The arguments and option are as follows:
•ip | ipv6—(Optional) Specifies the IPv4 or the IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address.
•ip_address—(Optional) IP address for the route. Enter an IPv6 address in IPv6 format or an IPv4 address in dotted-decimal notation. This argument is optional. If you do not include it with the command, you are prompted for an IP address.
•size packet—(Optional) Specifies the packet size. Enter a number from 40 to 452. For IPv6, there is no default. For IPv4, the default is 40.
IPv6 Example
To trace the IPv6 address 2001:DB8:1::/64, enter the following command:
host1/Admin# traceroute ipv6 2001:DB8:1::/64
To terminate a traceroute session, press Ctrl-C.
IPv4 Example
To trace the IP address 192.168.173.140, enter:
host1/Admin# traceroute 192.168.173.140
traceroute to 192.168.173.140 (192.168.173.140), 30 hops max, 40 byte
packets
1 192.86.215.2 (192.86.215.2) 0.558 ms 0.325 ms 0.297 ms
To terminate a traceroute session, press Ctrl-C.
Using Traceroute on the ACE-Configured IP Addresses
You can use traceroute on ACE-configured IP addresses, however there are certain restrictions. When you use traceroute to a configured ACE IP interface:
•ICMP traceroute works when you configure a management policy to permit ICMP traffic, similar to the following examples:
IPv6 Example
class-map type management match-any remote-access
description ipv6-remote-access-traffic-match
match protocol icmpv6 anyv6
IPv4 Example
class-map type management match-any remote-access
description ipv4-remote-access-traffic-match
Note Most traceroutes use the default protocol of UDP. Use a command line option to change traceroute to ICMP. For example, in Linux, use the -I option.
•UDP or TCP-based traceroute does not work. There is no method to permit UDP or TCP traffic to ephemeral ports going to the ACE.
When you use UDP, TCP, or ICMP-based traceroute to a host behind the ACE, it works as expected. However, the ACE does not appear in the traceroute as a hop. The ACE does not decrement the TTL of IP packets that it forwards.
When you use traceroute to a VIP address configured on the ACE, the ACE does not intercept traceroute packets sent to the configured VIP address. The ACE attempts to match the packet to the load-balance policies. If a protocol match occurs, the ACE sends the packet to the real server that responds to the traceroute accordingly.
Displaying IPv6 Route Information
To display IPv6 routes on the ACE, use the show ipv6 route command in Exec mode. The syntax of this command is as follows;
show ipv6 route
For example, enter:
host1/Admin# show ipv6 route
Table 4-2 describes the fields in the show ipv6 route command output.
Table 4-2 Field Description for the show ipv6 route Command
Field
|
Description
|
Destination
|
IPv6 destination address for the route.
|
Gateway
|
IPv6 gateway address for the route.
|
Interface
|
VLAN or BVI number for this entry.
|
Flag
|
Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:
•H indicates a host route.
•I indicates an interface route.
•S indicates a static route.
•N indicates a NAT route.
•A indicates that the route needs an ND resolve.
•E indicates an ECMP route.
|
Total route entries
|
Total number of routes in the IPv6 routing table.
|
To display the route summary for the current context, use the show ipv6 route summary command. The syntax of this command is as follows:
show ipv6 route summary
For example, enter:
host1/Admin# show ipv6 route summary
Table 4-3 describes the fields in the show ipv6 route summary command output.
Table 4-3 Field Description for the show ipv6 route summary Command
Field
|
Description
|
Route Source
|
Source of the route. The possible value are as follows:
•Connected for a route to hosts that are connected to the same network.
•Static for a configured route.
|
Count
|
Number of routes that are connected or static.
|
Memory (bytes)
|
Memory consumed by the route entries.
|
To display IPv6 traffic information, use the show ip traffic command in Exec mode. For a description of the IPv4 output fields of this command, see the "Displaying IPv4 Route Information" section. The syntax of this command is as follows:
show ip traffic
For example, enter:
host1/Admin# show ip traffic
Table 4-4 describes the IPv6-specific fields in the show ip traffic command output.
Table 4-4 IPv6 Field Descriptions for the show ip traffic Command
Output
Field
|
Description
|
IPv6 Statistics
|
Rcvd
|
•total—Number of packets received by the ACE.
•bytes—Number of bytes received by the ACE.
•input errors—Number of receive errors.
•no route—Number of packets with no route.
|
Frags
|
•reassembled—Number of fragments that the ACE reassembled.
•couldn't reassemble—Number of fragments that the ACE could not reassemble.
•fragmented—Number of packets that the ACE fragmented.
•couldn't fragment—Number of packets that the ACE could not fragment.
|
Mcast
|
•received—Number of multicast packets received by the ACE.
•sent—Number of multicast packets sent by the ACE.
|
Sent
|
•total—Total packets sent.
•sent—Number of bytes sent.
•no route—Number of packets sent with no route.
|
Drop
|
•no route—Number of packets discarded because they had no route.
•out discarded—Number of packets discarded.
|
ICMPv6 Statistics
|
Rcvd
|
•input—Number of packets received by the ACE.
•errors—Number of received packet errors.
•unreach—Number of ICMPv6 Unreachable messages received by the ACE.
•parameter problem—Number of packets that were dropped by the ACE because of a problem with the IPv6 header or extension header fields.
•hopcount expired—Number of packets whose hop counts went to zero that were received by the ACE. This message is the same as the Time Exceeded message in RFC4443.
•too big—Number of packets received by the ACE that elicited a "packet too big" response because they were too long and could not be sent to their destination.
•echo request—Number of ICMPv6 Echo Request packets received by the ACE.
•echo reply—Number of ICMPv6 Echo Reply packets received by the ACE.
•group query—Number of multicast group query messages received by the ACE.
•group report—Number of group report messages received by the ACE. Group report messages are generated when a host joins a multicast group.
•group reduce—Number of group reduce messages received by the ACE. Group reduce messages are sent by a member when it leaves a multicast group.
•router solicit—Number of Router Solicitation messages received by the ACE.
|
ICMPv6 Statistics (cont.)
|
Rcvd (cont.)
|
•router solicit drops—Number of Router Solicitation messages that were dropped by the ACE.
•router advert—Number of Router Advertisement messages received by the ACE.
•redirects—Number of Redirect messages received by the ACE.
•neighbor solicit—Number of Neighbor Solicitation messages received by the ACE.
•neighbor advert—Number of Neighbor Advertisements received by the ACE.
|
Sent
|
•output—Number of packets sent by the ACE
•unreach—Number of Destination Unreachable messages sent by the ACE
•parameter problem—Number of packets sent by the ACE that had a problem with the IPv6 header or extension header fields
•hopcount expired—Number of packets whose hop counts went to zero that were sent by the ACE
•too big—Number of packets sent by the ACE that elicited a "packet too big" response because they were too long and could not be sent to the destination
•echo reply—Number of Echo Reply messages sent by the ACE
•group report—Number of group report messages sent by the ACE. Group report messages are generated when a member joins a multicast group.
•group reduce—Number of group reduce messages sent by the ACE. Group reduce messages are sent by a member when it leaves a multicast group.
|
Sent (cont.)
|
•router solicit—Number of Router Solicitation messages sent by the ACE.
•router advert—Number of Router Advertisement messages sent by the ACE.
•redirects—Number of Redirect messages sent by the ACE.
•neighbor solicit—Number of Neighbor Solicitation messages sent by the ACE.
•neighbor advert—Number of Neighbor Advertisements sent by the ACE.
|
TCP Statistics
|
Rcvd
|
Total number of TCP segments and errors received by the ACE.
|
Sent
|
Total number of TCP segments sent by the ACE.
|
UDP Statistics
|
Rcvd
|
Total number of UDP segments, UDP errors, and segments with no port number received by the ACE.
|
Sent
|
Total number of UDP segments sent by the ACE.
|
ND Statistics
|
Rcvd
|
Number of ND packets, errors, requests, and responses received by the ACE.
|
Sent
|
Number of ND packets, errors, requests, and responses sent by the ACE.
|
The show ipv6 route internal command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.
Displaying the IPv6 FIB Table Information
The forwarding information base (FIB) table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ND tables. To display the FIB table for the context, use the show ipv6 fib command. The syntax of this command is as follows:
show ipv6 fib
For example, enter:
host1/Admin# show ipv6 fib
Table 4-10 describes the fields in the show ipv6 fib command output.
Table 4-5 Field Description for the show ipv6 fib Command
Field
|
Description
|
Destination
|
Destination address for the route.
|
Interface
|
VLAN interface number for this entry.
|
EncapID
|
Encapsulation identifier.
|
Flag
|
Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:
•H indicates a host route.
•I indicates interface route.
•S indicates a static route.
•N indicates a NAT route.
•A indicates that the route needs an ND resolve.
•E indicates an ECMP route.
•V indicates that the route destination matches a class map-defined virtual server.
|
Total route entries
|
Total number of route entries in the ND table.
|
To display a summary of the FIB table for the context, use the show ip fib summary command. For example, enter:
host1/Admin# show ipv6 fib summary
Table 4-11 describes the fields in the show ip fib summary command output.
Table 4-6 Field Description for the show ip fib summary Command
Field
|
Description
|
Resolved routes
|
Number of prefixes programmed in mtrie.
|
Leaves, bytes
|
Number of mtrie leaf nodes allocated and memory consumed in bytes.
|
Nodes, bytes
|
Number of mtrie internal nodes allocated and memory consumed in bytes.
|
ecmps, bytes
|
Number of ECMP nodes allocated and memory consumed in bytes.
|
The show ipv6 fib command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.
Displaying IPv4 Route Information
To display IPv4 routes on the ACE, use the show ip route command in Exec mode. The syntax of this command is as follows;
show ip route
For example, enter:
host1/Admin# show ip route
Table 4-7 describes the fields in the show ip route command output.
Table 4-7 Field Description for the show ip route Command
Field
|
Description
|
Destination
|
Destination address for the route.
|
Gateway
|
Gateway address for the route.
|
Interface
|
VLAN interface number for this entry.
|
Flag
|
Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:
•H indicates a host route.
•I indicates an interface route.
•S indicates a static route.
•N indicates a NAT route.
•A indicates that the route needs an ARP resolve.
•E indicates an ECMP route.
|
To display the route summary for the current context, use the show ip route summary command. For example, enter:
host1/Admin# show ip route summary
Table 4-8 describes the fields in the show ip route summary command output.
Table 4-8 Field Description for the show ip route summary Command
Field
|
Description
|
Route Source
|
Source of the route. The possible value are as follows:
•Connected for a route to hosts that are connected to the same network.
•Static for a configured route.
|
Count
|
Number of routes that are connected or static.
|
Memory (bytes)
|
Memory consumed by the route entries.
|
To display IP traffic information, use the show ip traffic command in Exec mode. The syntax of this command is as follows:
show ip traffic
For example, enter:
host1/Admin# show ip traffic
Table 4-9 describes the fields in the show ip traffic command output.
Table 4-9 Field Descriptions for the show ip traffic Command
Output
Field
|
Description
|
IP Statistics
|
Rcvd
|
Total number of packets received by the ACE, number of bytes received by the ACE, number of input errors, number of packets received by the ACE with no route, and number of packets received by the ACE that had an unknown protocol.
|
Frags
|
Number of fragments that the ACE reassembled, number of fragments that the ACE could not reassemble, number of packets that the ACE fragmented, and number of packets that the ACE could not fragment.
|
Bcast
|
For IPv4, number of broadcast packets received and sent.
|
Mcast
|
Number of multicast packets received and sent.
|
Sent
|
Total packets sent, number of bytes sent, and number of packets sent with no route.
|
Drop
|
Number of packets discarded because they had no route and number of packets discarded.
|
ICMP Statistics
|
Rcvd
|
Reports statistics for the following ICMP messages received by the ACE:
•Redirects
•ICMP Unreachable
•ICMP Echo
•ICMP Echo Reply
•Mask Requests
•Mask Replies
•Quench
•Parameter
•Timestamp
|
Sent
|
Reports statistics for the following ICMP messages sent by the ACE:
•Redirects
•ICMP Unreachable
•ICMP Echo
•ICMP Echo Reply
•Mask Requests
•Mask Replies
•Quench
•Timestamp
•Parameter
•Time Exceeded
|
TCP Statistics
|
Rcvd
|
Total number of TCP segments and errors received by the ACE.
|
Sent
|
Total number of TCP segments sent by the ACE.
|
UDP Statistics
|
Rcvd
|
Total number of UDP segments, UDP errors, and segments with no port number received by the ACE.
|
Sent
|
Total number of UDP segments sent by the ACE.
|
ARP Statistics
|
Rcvd
|
Number of ARP packets, errors, requests, and responses received by the ACE.
|
Sent
|
Number of ARP packets, errors, requests, and responses sent by the ACE.
|
The show ip route internal command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.
Displaying the IPv4 FIB Table Information
The forwarding information base (FIB) table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables. To display the IPv4 FIB table for the context, use the show ip fib command. For example, enter:
Table 4-10 describes the fields in the show ip fib command output.
Table 4-10 Field Description for the show ip fib Command
Field
|
Description
|
Destination
|
Destination address for the route.
|
Interface
|
VLAN interface number for this entry.
|
EncapID
|
Encapsulation identifier.
|
Flag
|
Flag to identify the route type and state, as identified by one of the following codes displayed above the output information:
•H indicates a host route.
•I indicates interface route.
•S indicates a static route.
•N indicates a NAT route.
•A indicates that the route needs an ARP resolve.
•E indicates an ECMP route.
•V indicates that the route destination matches a class map-defined virtual server.
|
To display a summary of the FIB table for the context, use the show ip fib summary command. For example, enter:
host1/Admin# show ip fib summary
Table 4-11 describes the fields in the show ip fib summary command output.
Table 4-11 Field Description for the show ip fib summary Command
Field
|
Description
|
Resolved routes
|
Number of prefixes programmed in mtrie.
|
Leaves, bytes
|
Number of mtrie leaf nodes allocated and memory consumed in bytes.
|
Nodes, bytes
|
Number of mtrie internal nodes allocated and memory consumed in bytes.
|
ecmps, bytes
|
Number of ECMP nodes allocated and memory consumed in bytes.
|
The show ip fib command is used for debugging purposes. The output of this command is for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For information on the command syntax, see the Command Reference, Cisco ACE Application Control Engine.
Feedback
