This topic is to discuss the following lesson:
Wow, great article. Thanks for your work. I knew that there is always an “ip cef” command in the routers, but I never did a deep inspection of that.
- What I am missing is a small summary. What is Cisco CEF all about? Maybe this is one of your core points?: “The multilayer switch will use the information from tables that are built by the (control plane) to build hardware tables.”
- What about other router vendors? I think they are doing the same but have different names for it?
The reason why we need CEF is simple…a router has to perform multiple steps before it can forward a packet…routing table lookup, ARP table lookup, ACLs, etc. If you do all of this in software then it will be very slow. With CEF we put all this information into a single hardware table which allows really fast packet forwarding.
Other vendors do the same thing, CEF is Cisco-only though.
One small thing that may need to be clarified. CEF isn’t linked to hardware forwarding.
Routers can have both software forwarding with CEF, or it can install the CEF entries into hardware. This is platform dependent - platforms such as the 1800 or 2800 don’t have dedicated forwarding hardware.
Thanks for your comment and you are right, this is important to know. I’ll edit the post to mention this.
Thanks. Complex technology explained in a simple article and very easy to understand.
This is awesome!!! Thanks Rene!
For this section below - How does the router determine if future packets received are part of the same flow? Will it still strip the Ethernet header and look at the IP information for each packet? Is it based purely on Layer 3 info?
Fast switching is more efficient because it will look up the first IP packet but it will store the forwarding decision in the fast switching cache. When the routers receive Ethernet frames carrying IP packets in the same flow it can use the information in the cache to forward them to the correct outgoing interface.
Good question! Fast switching only looks at the IP packet and I believe it considers everything with the same destination IP address to be in the same flow, that’s it.
Some other protocols that use flows (like netflow) check many different fields including source/dest port, source/dest address, TOS byte, etc.
My router has ip cef active. Why does it show me that both CEF and fast switch are enabled?

    R4#sh ip int FastEthernet0/1
    FastEthernet0/1 is up, line protocol is up
      Internet address is 220.127.116.11/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is enabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are never sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled

The router will try to use CEF for all packets. If it is unable to do so, it will try to fast switch them. If that fails, then it will use process switching.
Will CEF occupy a lot of memory, since another new table will be created and will store layer 2 and layer 3 information?
Most devices use separate memory for CEF. You can see how much it’s using with the show cef memory command.
This lesson demystified some terms I’ve always wondered about!
It looks like the output for sh ip cef changed somewhere along the way. Do you know what equivalent commands would show the type of adjacency in 15.2?
This is all I get:

    R1#sh ip cef 18.104.22.168
    22.214.171.124/24
      nexthop 10.0.1.2 FastEthernet0/0
    R1#

You can add some parameters:

    R1#show ip cef 126.96.36.199/24 detail
    188.8.131.52/24, epoch 0, flags [rib only nolabel, rib defined all labels]
      recursive via 192.168.12.2
        attached to GigabitEthernet0/1

    R1#show ip cef 184.108.40.206/24 internal
    220.127.116.11/24, epoch 0, flags [rnolbl, rlbls], RIB[B], refcnt 5, per-destination sharing
      sources: RIB
      feature space:
        IPRM: 0x00018000
      ifnums:
        GigabitEthernet0/1(3): 192.168.12.2
      path list 0C4FE384, 3 locks, per-destination, flags 0x269 [shble, rif, rcrsv, hwcn, bgp]
        path 0EFEFE44, share 1/1, type recursive, for IPv4
          recursive via 192.168.12.2[IPv4:Default], fib 0EE77490, 1 terminal fib, v4:Default:192.168.12.2/32
          path list 0C4FE3D4, 2 locks, per-destination, flags 0x49 [shble, rif, hwcn]
              path 0EFEFEAC, share 1/1, type adjacency prefix, for IPv4
                attached to GigabitEthernet0/1, IP adj out of GigabitEthernet0/1, addr 192.168.12.2 0DA2D8B8
      output chain:
        IP adj out of GigabitEthernet0/1, addr 192.168.12.2 0DA2D8B8

Great lesson!!
I have a question… If in the router I have configured ACL … QoS… Etc, all these conditions are evaluated before the CEF, really?
It depends on a number of factors. One of them is if your traffic is inbound or outbound.
For example, when you have an outbound access-list then first we have to do the routing part to figure out which outgoing interface to use. If that interface has an access-list then we’ll have to check if the packet is permitted or not.
When traffic is inbound, it will first hit the access-list.
It also depends on the platform that you are using. Some routers/switches will have different hardware tables for ACLs, others might store them in software etc.
I couldn’t understand: what is the relationship between CAM, TCAM and FIB? I am trying to complete a packet’s travel from source to destination.
CAM: High speed memory that is primarily used for a switch’s layer 2 lookup information. This information allows the switch to decide which port to send a packet to (a known MAC address) or whether to flood it to all ports (unknown MAC address).
TCAM: Not all switches have this. Think of this as an extension of CAM. It is used for very rapid decisions on ACLs and Quality of Service. On high end layer 3 switches, the TCAM can also contain the FIB, again, so specialized hardware can make routing decisions without interrupting the central CPU of the switch.
FIB: When you think of the FIB vs the RIB, or routing table, the difference is where they “live” on the hardware. The RIB lives in the control plane, while FIB lives in the data plane. Any decisions made at the FIB level are fast and do not require an interrupt (and therefore time) from the device itself.
So the CAM/TCAM and FIB aren’t directly related other than the FIB may or may not be held in the TCAM depending on your switch model.
So, in the example of a packet traveling from source to destination, if a packet’s destination is on a remote subnet, the packet’s destination MAC would be set to the gateway’s MAC. The switch would use the CAM to determine in which port the gateway resides, and it would send it there. Depending on the model hardware involved, the layer3 switch or router would use the FIB to decide what the next hop needs to be (and since the FIB might be in the TCAM–again depending on the model–the TCAM might be used in this process). This would continue until the packet arrives at the destination subnet, where the final switch would again use the CAM table to determine the destination’s MAC and corresponding port.
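
An added illustration, not part of any post in this thread and not Cisco's implementation: a simplified Python model of what the replies describe, where the control plane resolves recursive routes and ARP once, and the per-packet step is a single longest-prefix match. The RIB and ARP contents are constructed sample values; the adjacency labels "glean" and "incomplete" stand in for entries the forwarding table cannot rewrite yet.

```python
import ipaddress

# Constructed control-plane state (sample values, not from the thread).
RIB = {
    "192.168.12.0/24": {"attached": "GigabitEthernet0/1"},  # connected
    "10.0.0.0/8": {"via": "192.168.12.2"},                  # recursive
    "0.0.0.0/0": {"via": "192.168.12.254"},                 # recursive
}
ARP = {"192.168.12.2": "0000.0c12.0002"}  # .254 has not been resolved


def resolve(prefix, rib, depth=0):
    """Follow recursive next hops until an attached interface is found."""
    entry = rib[prefix]
    if "attached" in entry:
        return None, entry["attached"]
    hop = ipaddress.ip_address(entry["via"])
    parents = [p for p in rib
               if p != prefix and hop in ipaddress.ip_network(p)]
    if not parents or depth > 8:
        raise ValueError("cannot resolve next hop for " + prefix)
    best = max(parents, key=lambda p: ipaddress.ip_network(p).prefixlen)
    inner_hop, ifname = resolve(best, rib, depth + 1)
    return (inner_hop or str(hop)), ifname


def build_fib(rib, arp):
    """Precompute (prefix, next hop, interface, adjacency), longest first."""
    fib = []
    for prefix in rib:
        hop, ifname = resolve(prefix, rib)
        if hop is None:
            adj = "glean"        # connected subnet: ARP for the host itself
        elif hop in arp:
            adj = arp[hop]       # complete: layer 2 rewrite is ready
        else:
            adj = "incomplete"   # no ARP entry yet: hand to the CPU
        fib.append((ipaddress.ip_network(prefix), hop, ifname, adj))
    return sorted(fib, key=lambda e: e[0].prefixlen, reverse=True)


def lookup(fib, dst):
    """Data-plane step: longest-prefix match only, no RIB or ARP walk."""
    addr = ipaddress.ip_address(dst)
    for net, hop, ifname, adj in fib:
        if addr in net:
            return hop, ifname, adj
    return None


FIB = build_fib(RIB, ARP)
```
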
In your Cisco Campus Network Design Basic lesson you outlined the different switches (Access - 2960-X, 3650, 3850, 4500E, Dist/Core - 4500-X, 4500-E, 6807-XL). Could you just elaborate a little on what type of CAM or TCAM would be in these switches? Would a switch (Cisco) have both a CAM table and a TCAM table? Or is it one or the other? Is a CAM table identified as a Layer 2 switch and TCAM as a layer 3 switch?