Tuesday, March 28, 2017

A Note on Cisco Express Forwarding (CEF) & Its Evolution

CEF if the default forwarding method of Cisco routers & switches. In terms of both memory utilization and speed, CEF come in handy than Process Switching & Fast Switching. Also this is where actual data transport, load balancing etc happens..

Let's come from old days..

Process Switching is done fully in software level which is much slower and memory intensive. It is just looking the full routing table (RIB) for each and every packet to take the decision and look for the entire ARP cache to find the encapsulation information to forward out.
If CEF is disabled or failed, this method is the primary way of forwarding traffic..

Fast Switching is done by looking at the 1st packet of a flow and store the forwarding decision in the fast switching cache which will be used to forward later traffic of the same flow.
This is enabled using route-cache commands in in interfaces..

Cisco Express Forwarding on the other hand maintains 2 tables which is built using RIB and ARP cache.

(1) CEF table/ FIB (Forwarding Information Base)
(2) Adjacency table

CEF table is built using RIB + ARP cache while the Adjacency table is built summarizing the ARP cache. Actually these 2 new tables are just a new way of arranging the data of existing RIB & ARP cache which is much faster to query in the process of forwarding.







Let's take an example to see the difference.

I have taken the following outputs of a working network. Following is the complete RIB..





















Now let's see it's ARP cache.









Now let's see it's FIB..

As you can see, all the destinations are listed here.
A software based router hosts the FIB in DRAM while a multilayer switch like Catalyst 6500 or high end routers that have a distributed architecture will store the FIB in TCAM.

Note:- The TCAM (Ternary Content Addressable Memory) is a specialized type of memory that allows for efficient lookups of IP prefixes in the way it is organized and using the destination ip address as the search key.

ASICs (Application Specific Integrated Circuits) will be used to access the FIB and compare the values with the destination bit by bit. Because this comparison is done in hardware level, it is much faster.
When a match is found it will get additional L2 encapsulation information from the adjacency table for the corresponding interface to recreate the frame header and forwards it..

Following is the Adjacency table..

It only lists the neighbor devices connected to it's interfaces..




Let's see more details about the adjacencies..























Now you can see more info here.
You can see a long hexadecimal value for each interface.
Ex:- AABBCC002000AABBCC0010000800 for Eth0/0,

Here,
AABBCC002000 is the destination interface MAC while the
AABBCC001000 is the source interface MAC..
0800 indicates Ethernet..

CEF Adjacency Types

In CEF table you can see there are many different key words for Next Hop value. They are called CEF adjacency types.. Following is the list of them..

receive - this device (local)
attached - directly attached to interface
glean - attached but incorrect info. (ARP incomplete)
null - destined to a Null interface
drop - drops traffic
discard - drops traffic because of a configuration (ex:-ACL)
punt - send to control plane because of a bit set

Distributed CEF (dCEF)

This is how CEF is operated in the L3 switches which has line cards. (Ex:- Cisco 6500, 4500)

In this flavor of CEF, multiple copies of FIB is stored in Line Cards as well as in the Supervisor Engine.
Supervisor Engine / Route Processor is where the routing table and all the control plane work is done while the Line Cards are where the devices actually connected..

There are some more advantages than the speed here. Let's think if we have 2 Supervisor Engines for redundancy and if one Supervisor Engine fails, the other one can take over without stop forwarding traffic which will enable Nonstop Forwarding..

In the "Adjacency Detail" table, you can see epoch 0 which acts as a revision number for dCEF copies..

Enabling / Disabling CEF

By default all the Cisco switches and routers are CEF enabled. This can be done in global configuration mode. no before the command will disable CEF globally.
R(config)#ip cef

After enabling globally, CEF will run in every interface. But if needed, you can disable CEF per interface too using the following command..
R(config-if)#no ip route-cache cef

Useful CEF show commands
show ip cef <destination>
show adjacency
show adjacency detail
show ip cef epoch

0 comments to “A Note on Cisco Express Forwarding (CEF) & Its Evolution”

Post a Comment