CEF (Cisco Express Forwarding)


(Rene Molenaar) #1

This topic is to discuss the following lesson:


(Rene Molenaar) #2

Wow, great article. Thanks for your work. I knew that there is always a “ip cef” command in the routers, but I never did a deep inspection of that.
- What I am missing is a small summary. What is Cisco CEF all about? Maybe this is one of your core points?: “The multilayer switch will use the information from tables that are built by the (control plane) to build hardware tables.”
- What about other router vendors? I think they are doing the same but have different names for it?


(Rene Molenaar) #3

Thanks Johannes!

The reason why we need CEF is simple…a router has to perform multiple steps before it can forward a packet…routing table lookup, ARP table lookup, ACLs, etc. If you do all of this in software then it will be very slow. With CEF we put all this information into a single hardware table which allows really fast packet forwarding.

Other vendors do the same thing, CEF is Cisco-only though.

Rene


(system) #4

One small thing that may need to be clarified. CEF isn’t linked to hardware forwarding.

Routers can have both software forwarding with CEF, or it can install the CEF entries into hardware. This is platform dependent - platforms such as the 1800 or 2800 don’t have dedicated forwarding hardware.


(Rene Molenaar) #5

Hi Greg,

Thanks for your comment and you are right, this is important to know. I’ll edit the post to mention this.

Rene


(Srinivasan C) #6

Hi Rene,
Thanks. Complex technology explained in simple article and very easy to understand.


(miguel J) #7

This Awsome!!! Thanks Rene!


(Robert G) #8

Hi Rene,

Nice Article!

For this section below - How does the router determine if future packets received are part of the same flow? Will it still strip the Ethernet header and look at the IP information for each packet? Is it based purely on Layer 3 info?

Fast switching is more efficient because it will lookup the first IP packet but it will store the forwarding decision in the fast switching cache. When the routers receive Ethernet frames carrying IP packets in the same flow it can use the information in the cache to forward them to the correct outgoing interface

Cheers

Rob


(Rene Molenaar) #9

Hi Rob,

Good question! Fast switching only looks at the IP packet and I believe it considers everything with the same destination IP address as to be in the same
flow, that’s it.

Some other protocols that use flows (like netflow) check many different fields including source/dest port, source/dest address, TOS byte, etc.

Rene


(Diego M) #10

Hi Rene,

Great leasson.

My router has ip cef active. Why it does show me that both CEF and fast switch are enabled?

R4#sh ip int FastEthernet0/1
FastEthernet0/1 is up, line protocol is up
Internet address is 1.1.1.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound  access list is not set
Proxy ARP is enabled
Local Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
<strong>IP fast switching is enabled</strong>
IP fast switching on the same interface is enabled
IP Flow switching is disabled
<strong>IP CEF switching is enabled</strong>
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<strong>IP route-cache flags are Fast, CEF</strong>
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

(Rene Molenaar) #11

Hi Diego,

The router will try to use CEF for all packets. If it unable to do so, it will try to fast switch them. If that fails, then it will use process switching.

Rene


(Davis W) #12

Dear Rene,

Will the CEF occupied a lot of memory since the another new table will created and store layer 2 and layer 3 information?

Davis

 


(Rene Molenaar) #13

Hi Davis,

Most devices use separate memory for CEF. You can see how much it’s using with the show cef memory command.

Rene


(Kay A) #14

This lesson demystified some terms I’ve always wondered about!

It looks like the output for sh ip cef changed somewhere along the way. Do you know what equivalent commands would show the type of adjacency in 15.2?

This is all I get:

R1#sh ip cef 3.3.3.0
3.3.3.0/24
  nexthop 10.0.1.2 FastEthernet0/0
R1#

Thanks!


(Rene Molenaar) #15

Hi Kay,

You can add some parameters:

R1#show ip cef 2.2.2.0/24 detail 
2.2.2.0/24, epoch 0, flags [rib only nolabel, rib defined all labels]
  recursive via 192.168.12.2
    attached to GigabitEthernet0/1
R1#show ip cef 2.2.2.0/24 internal 
2.2.2.0/24, epoch 0, flags [rnolbl, rlbls], RIB[B], refcnt 5, per-destination sharing
  sources: RIB 
  feature space:
    IPRM: 0x00018000
  ifnums:
    GigabitEthernet0/1(3): 192.168.12.2
  path list 0C4FE384, 3 locks, per-destination, flags 0x269 [shble, rif, rcrsv, hwcn, bgp]
    path 0EFEFE44, share 1/1, type recursive, for IPv4
      recursive via 192.168.12.2[IPv4:Default], fib 0EE77490, 1 terminal fib, v4:Default:192.168.12.2/32
      path list 0C4FE3D4, 2 locks, per-destination, flags 0x49 [shble, rif, hwcn]
          path 0EFEFEAC, share 1/1, type adjacency prefix, for IPv4
            attached to GigabitEthernet0/1, IP adj out of GigabitEthernet0/1, addr 192.168.12.2 0DA2D8B8
  output chain:
    IP adj out of GigabitEthernet0/1, addr 192.168.12.2 0DA2D8B8

Rene


(Diana M) #16

Hi Rene,

Great leasson !!

I have a question… If in the router I have configured ACL … QoS… Etc, all these conditions are evaluated before the CEF, really?

Thx,


(Rene Molenaar) #17

Hi Diana,

It depends on a number of factors. One of them is if your traffic is inbound or outbound.

For example, when you have an outbound access-list then first we have to do the routing part to figure out which outgoing interface to use. If that interface has an access-list then we’ll have to check if the packet is permitted or not.

When traffic is inbound, it will first hit the access-list.

It also depends on the platform that you are using. Some routers/switches will have different hardware tables for ACLs, others might store them in software etc.

Rene


(Ersin E) #18

Hi Rene,

I couldnt understand What is the relationship cam , tcam and fib? I am trying to complete packet’s travel from source to destination.

Best Regards


(Andrew P) #19

CAM: High speed memory that is primarily used for a switch’s layer 2 lookup information. This information allows the switch to decide which port to send a packet to (a known MAC address) or whether to flood it to all ports (unknown MAC address).

TCAM: Not all switches have this. Think of this as an extension of CAM. It is used for very rapid decisions on ACLs and Quality of Service. On high end layer 3 switches, the TCAM can also contain the FIB, again, so specialized hardware can making routing decisions without interrupting the central CPU of the switch.

FIB: When you think of the FIB vs the RIB, or routing table, the difference is where they “live” on the hardware. The RIB lives in the control plane, while FIB lives in the data plane. Any decisions made at the FIB level are fast and do not require an interrupt (and therefore time) from the device itself.

So the CAM/TCAM and FIB aren’t directly related other than the FIB may or may not be held in the TCAM depending on your switch model.

So, in the example of a packet traveling from source to destination, if a packet’s destination is on a remote subnet, the packet’s destination MAC would be set to the gateway’s MAC. The switch would use the CAM to determine in which port the gateway resides, and it would send it there. Depending on the model hardware involved, the layer3 switch or router would use the FIB to decide what the next hop needs to be (and since the FIB might be in the TCAM–again depending on the model–the TCAM might be used in this process). This would continue until the packet arrives at the destination subnet, where the final switch would again use the CAM table to determine the destination’s MAC and corresponding port.


(Jason W) #20

In your Cisco Campus Network Design Basic lesson you outlined the different switches (Access - 2960-X, 3650, 3850, 4500E, Dist/Core - 4500-X, 4500-E, 6807-XL). Could you just elaborate a little on what type of CAM or TCAM would be in these switches? Would a switch (Cisco) have both a CAM table and a TCAM table? Or is it one or the other? Is CAM table identify as a Layer 2 switch and TCAM is a layer 3 switch?