Tuesday, March 28, 2017

A Note on Cisco Express Forwarding (CEF) & Its Evolution

CEF if the default forwarding method of Cisco routers & switches. In terms of both memory utilization and speed, CEF come in handy than Process Switching & Fast Switching. Also this is where actual data transport, load balancing etc happens..

Let's come from old days..

Process Switching is done fully in software level which is much slower and memory intensive. It is just looking the full routing table (RIB) for each and every packet to take the decision and look for the entire ARP cache to find the encapsulation information to forward out.
If CEF is disabled or failed, this method is the primary way of forwarding traffic..

Fast Switching is done by looking at the 1st packet of a flow and store the forwarding decision in the fast switching cache which will be used to forward later traffic of the same flow.
This is enabled using route-cache commands in in interfaces..

Cisco Express Forwarding on the other hand maintains 2 tables which is built using RIB and ARP cache.

(1) CEF table/ FIB (Forwarding Information Base)
(2) Adjacency table

CEF table is built using RIB + ARP cache while the Adjacency table is built summarizing the ARP cache. Actually these 2 new tables are just a new way of arranging the data of existing RIB & ARP cache which is much faster to query in the process of forwarding.

Let's take an example to see the difference.

I have taken the following outputs of a working network. Following is the complete RIB..

Now let's see it's ARP cache.

Now let's see it's FIB..

As you can see, all the destinations are listed here.
A software based router hosts the FIB in DRAM while a multilayer switch like Catalyst 6500 or high end routers that have a distributed architecture will store the FIB in TCAM.

Note:- The TCAM (Ternary Content Addressable Memory) is a specialized type of memory that allows for efficient lookups of IP prefixes in the way it is organized and using the destination ip address as the search key.

ASICs (Application Specific Integrated Circuits) will be used to access the FIB and compare the values with the destination bit by bit. Because this comparison is done in hardware level, it is much faster.
When a match is found it will get additional L2 encapsulation information from the adjacency table for the corresponding interface to recreate the frame header and forwards it..

Following is the Adjacency table..

It only lists the neighbor devices connected to it's interfaces..

Let's see more details about the adjacencies..

Now you can see more info here.
You can see a long hexadecimal value for each interface.
Ex:- AABBCC002000AABBCC0010000800 for Eth0/0,

AABBCC002000 is the destination interface MAC while the
AABBCC001000 is the source interface MAC..
0800 indicates Ethernet..

CEF Adjacency Types

In CEF table you can see there are many different key words for Next Hop value. They are called CEF adjacency types.. Following is the list of them..

receive - this device (local)
attached - directly attached to interface
glean - attached but incorrect info. (ARP incomplete)
null - destined to a Null interface
drop - drops traffic
discard - drops traffic because of a configuration (ex:-ACL)
punt - send to control plane because of a bit set

Distributed CEF (dCEF)

This is how CEF is operated in the L3 switches which has line cards. (Ex:- Cisco 6500, 4500)

In this flavor of CEF, multiple copies of FIB is stored in Line Cards as well as in the Supervisor Engine.
Supervisor Engine / Route Processor is where the routing table and all the control plane work is done while the Line Cards are where the devices actually connected..

There are some more advantages than the speed here. Let's think if we have 2 Supervisor Engines for redundancy and if one Supervisor Engine fails, the other one can take over without stop forwarding traffic which will enable Nonstop Forwarding..

In the "Adjacency Detail" table, you can see epoch 0 which acts as a revision number for dCEF copies..

Enabling / Disabling CEF

By default all the Cisco switches and routers are CEF enabled. This can be done in global configuration mode. no before the command will disable CEF globally.
R(config)#ip cef

After enabling globally, CEF will run in every interface. But if needed, you can disable CEF per interface too using the following command..
R(config-if)#no ip route-cache cef

Useful CEF show commands
show ip cef <destination>
show adjacency
show adjacency detail
show ip cef epoch

Wednesday, March 8, 2017

Methods of Assigning IPv6 Addresses

If you are not familiar with IPv6 addressing please refer this post. You will also need some basic understanding about the multicast routing (solicitation) to understand this. Here I am going to assign & configure IPv6 addresses on interfaces..

Let's get on with the topology..

There is no VLAN configured in the switch, It is just connecting the 3 routers in to a single broadcast domain.

All 3 routers are enabled with IPv6 routing & CEF (Cisco Express Forwarding) using the following commands..
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 cef

Like the ARP (Address Resolution Protocol) in IPv4; IPv6 has its own method of address resolution..
IPv6 uses 4 types of packets to resolve addresses of other interfaces in its subnet.

(1) Neighbor Solicitation (NS): equivalent to ARP request
(2) Neighbor Advertisement (NA): equivalent to ARP reply in gratuitous mode
(3) Router Solicitation (RS)
(4) Router Advertisement (RA)

Enabling IPv6 with Link Local Addresses

Let's enable IPv6 on R1's e0/0 interface and see what happens..
R1(config-if)#ipv6 enable

Note:- If you are going to use Global Unicast addresses, you don't want to enter the above command.
This command is only for Link Local Addresses..

Now you can see, it has automatically assigned its Link Local address with EUI-64 format using its MAC address.

What happens at the back end is that;

Step 01
R1 1st calculates and comes up with its IPv6 address (in this case FE80::A8BB:CCFF:FE00:1000)

Step 02
Then it sends a multicast packet to FF02::1:FFxx:xxxx (last 6 digits are from the EUI-64 address which it came up with) which is the all solicited multicast address used for auto configuration and auto discovery of the IPv6 interfaces in a subnet (in this case it is FF02::1:FF00:1000)
The source of this packet is "::" which is called unspecified / null address..
What R1 actually doing here is it asks other routers in the segment;

Does anybody else use FE80::A8BB:CCFF:FE00:1000 for an interface??

This mechanism is called "DAD" (Duplicate Address Detection) & this packet is called the "NS" (Neighbor Solicitation) packet..

Step 03
If there is no reply coming from other routers, R1 thinks no one else is using it and R1 assigns it to its interface & starts using it..

Step 04
Then R1 sends 2 packets to the destination FF02::1 which goes to all nodes in the segment sourcing its new address FE80::A8BB:CCFF:FE00:1000
1st packet is called a "NA" (Neighbor Advertisement) and the 2nd packet is called a "RA" (Router Advertisement)
NA is like a ARP reply in IPv4..
It is really like a gratuitous ARP, because it is sending its ARP reply equivalent even though no one asked it.. So that other routers in the segment will know the MAC address (populate neighbor discovery cache) of the R1's interface since then..
RA contains the capabilities of the interface like MTU..

Assigning Addresses Statically

This is how you assign global unicast addresses to a router interface. It is just like in IPv4..
R1(config-if)#ipv6 address 2001::1/64

Note:- Even though you entered an IPv6 address statically, it automatically generates its Link Local address in previous method and undergo the above 4 steps..

Assigning Addresses via SLAAC

SLAAC refers to Stateless Address Auto Configuration. This method works only for /64s on the link.
Now let's start from clean configurations of routers.
Lets configure SLAAC on R3's Eth0/0 interface 1st and see what happens..
R3(config-if)#ipv6 address auto-config

You can see It automatically assigns its Link Local address to the interface just like in previous example. So it runs the above 4 steps and sends the NS to run DAD and the NA & the RA to inform its IPv6 address and MAC address to other neighbors..

In addition to that in this case R3 uses a "RS" (Router Solicitation) destined to FF02::2 (which is all routers in the segment in IPv6 multicast) from the source address as its Link Local address to ask other routers in the segment that;

Is there anyone who can give me an IPv6 global unicast prefix??

Now let's assign an IPv6 address to the R1's Eth0/0 interface manually..

You can see that R1 has assigned its Link Local address automatically to its interface along with the IPv6 address I gave manually.

Now R1 responds to the R3's RS with a RA mentioning its global unicast prefix..

Now let's see what has happened at the R3's side which the SLAAC is configured..

You can see It has now automatically assigned a global unicast address which has the 2001::/64 prefix with its EUI-64 format as the interface ID portion.

This is the behavior of SLAAC..
If you can assign an IPv6 address to one router and automatically other routers will grab the prefix and come up with their own EUI-64 based global unicast IPv6 address..


SLAAC can give a router an IP address but cannot give the other options which a DHCP server provides. Ex:- DNS, TFTP option 150 for IP phones etc.

You can use SLAAC to auto assign IP addresses while use a DHCP to provide other options to routers or you can use DHCP for both address assigning and option delivery.

In RA messages which are sent from a router, there are 2 config flags which can be set in link level informing other routers in the segment to use SLAAC or DHCP for the address assigning and DHCP options receiving. These are disabled by default in routers..

When this flag is set, it says other routers to use SLAAC to assign addresses only. Use DHCPv6 to receive other options like DNS, TFTP etc..
R1(config-if)#ipv6 nd other-config-flag

When this flag is set, it says other routers to use DHCPv6 for both address assigning and to receive other options like DNS, TFTP etc..
R1(config-if)#ipv6 nd managed-config-flag

General Prefix

This helps readdressing  your interfaces with newly assigned IPv6 prefix by a Regional Internet Registrar or Service Provider..
If an organization is assigned a /32, then all prefixes should be derived from this /32

This can be defined globally 1st,
R1(config)#ipv6 general prefix <PREFIX NAME> 3000:123::/32

and then enabled in interfaces..
R1(config-if)#ipv6 address <PREFIX NAME> ::1/64

Then the prefix and the interface ID is merged to create the full address..

If the old prefix was configured with the general prefix option, you can delete all the ip addresses which has been generated by that prefix by simply entering "no" before the command. This helps you to easily readdress interfaces..
Otherwise both the old and new addresses will be working together..