CCNP ROUTE 300-101 Part 1.0 – Network Principles

At its most basic, Cisco Express Forwarding (CEF) is a feature that allows a router to make route lookups quickly and efficiently.

 

Cisco Express Forwarding

CEF is an optimized Layer 3 forwarding path through a router or switch. CEF optimizes routing table lookup by creating a special, easily searched tree structure based on the IP routing table. The forwarding information is called the Forwarding Information Base (FIB), and the cached adjacency information is called the Adjacency Table.

 

Many sources on router architecture divide router functions into three operational planes:

  • Management plane: concerned with the management of the device. For example, an administrator connecting to a router through a Secure Shell (SSH) connection on one of the router’s VTY lines would be a management plane operation.
  • Control plane: concerned with making packet-forwarding decisions. For example, routing protocol operation would be a control plane function. (The brain of the network.)
  • Data plane: concerned with the forwarding of data through a router (ASIC). For example, end-user traffic traveling from a user’s PC to a web server on a different network would go across the data plane. (That is, the hardware itself.)

 

The data plane and control plane are the two planes that most directly affect how quickly packets can flow through a router. We will consider these two planes of operation and examine three different approaches that Cisco routers can take to forward packets that arrive on an ingress interface and are sent out an appropriate egress interface, a process known as packet switching.

 

Note: Many people struggle with the term packet switching because they think of switching as a Layer 2 operation and routing as a Layer 3 operation. The key to understanding this term is to think of “frame switching” as a Layer 2 operation and “packet switching” (routing) as a Layer 3 operation.

 

Cisco routers support the following three primary modes of packet switching:

  • Process switching
  • Fast switching
  • Cisco Express Forwarding (CEF)

 

Process Switching

When a router routes a packet (that is, performs packet switching), the router removes the packet’s Layer 2 header, examines the Layer 3 addressing, and decides how to forward the packet. The Layer 2 header is then rewritten (changing the source and destination MAC addresses and computing a new CRC), and the packet is forwarded out an appropriate interface. With process switching, as shown below, a router’s CPU becomes directly involved with packet-switching decisions. As a result, the performance of a router configured for process switching can suffer significantly.

[Figure: packet switching]

Note:  An interface can be configured for process switching by disabling fast switching on that interface. The command used to disable fast switching is:

R1(config)# no ip route-cache

 

Fast Switching

Fast switching uses a fast cache maintained in a router’s data plane (hardware). The fast cache contains information about how traffic from different data flows should be forwarded. As seen below, the first packet in a data flow is process switched by a router’s CPU.

After the router determines how to forward the first frame of a data flow, the forwarding information is stored in the fast cache. Subsequent packets in that same data flow are
forwarded based on information in the fast cache, as opposed to being process switched.
As a result, fast switching dramatically reduces a router’s CPU utilization, as compared to
process switching.

[Figure: fast switching]

Fast switching can be configured in interface configuration mode with the command:

R1(config-if)# ip route-cache

 

Cisco Express Forwarding

CEF maintains two tables in the data plane (forwarding plane). The Forwarding Information Base (FIB) maintains Layer 3 forwarding information, whereas the Adjacency table maintains Layer 2 information for next hops listed in the FIB.

Using these tables, populated from a router’s IP routing table and ARP cache, CEF can efficiently make forwarding decisions. CEF does not require the first packet of a data flow to be process switched, like fast switching. Rather, an entire data flow can be forwarded at the data plane, as seen below.

[Figure: CEF]

On many platforms, CEF is enabled by default. If it is not, you can globally enable
it with the following command:

R1(config)# ip cef

Alternatively, if CEF is enabled globally but is not enabled on a specific interface, you can enable it on that interface with the interface configuration command:

R1(config-if)# ip route-cache cef

 

CEF Configuration and Verification

Enable CEF globally

R1(config)# ip cef

 

Enable CEF on an interface (if CEF is globally enabled), in interface mode

R1(config-if)# ip route-cache cef

 

Verify multiple interface statistics, including information about an interface’s packet-switching mode.

R1# show ip interface fa0/0

 

Verify the contents of a router’s FIB.

R1# show ip cef

 

Verify information contained in the adjacency table of a router, including protocol and timer information.

R1# show adjacency detail

 

The next example illustrates the configuration and verification of CEF operation. The routers in this topology have already been configured to exchange routes through EIGRP.

[Figure: CEF operation]

R1 has CEF enabled globally, but CEF is not enabled on interface Fa0/0. The next example shows how to enable CEF on an interface when CEF is already enabled globally.

R1# show ip int fa 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 172.16.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is disabled
... OUTPUT OMITTED ...

 

Configure CEF on the same interface

R1# conf term
R1(config)# int fa 0/0
R1(config-if)# ip route-cache cef
R1(config-if)# end

 

Verify CEF configuration on the interface

R1# show ip int fa 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 172.16.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
... OUTPUT OMITTED ...

 

On R2, CEF is disabled globally, so we need to configure CEF on R2.

R2# show ip int fa 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP Flow switching is disabled
IP CEF switching is disabled
... OUTPUT OMITTED ...

R2# conf t
R2(config)# ip cef
R2(config)# end
R2# show ip int fa 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
... OUTPUT OMITTED ...
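The check performed by eye above can be scripted across many interfaces. This is an added example, not part of the original post: it parses show ip interface text and classifies each interface as CEF, fast or process switched, following the page's rule that disabling fast switching leaves process switching. The sample text is constructed, and FastEthernet0/1 plus the function names are assumptions.

```python
import re

# Constructed sample: three interfaces trimmed to the lines that this page's
# "show ip interface" output uses to report the switching mode.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
FastEthernet0/1 is up, line protocol is up
  IP fast switching is enabled
  IP CEF switching is disabled
Serial1/0 is administratively down, line protocol is down
  IP fast switching is disabled
  IP CEF switching is disabled
"""

HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")
FLAG = re.compile(r"^\s*IP (fast|CEF) switching is (enabled|disabled)")

def switching_modes(output):
    """Return {interface: 'cef' | 'fast' | 'process' | 'unknown'}."""
    flags, current = {}, None
    for line in output.splitlines():
        if m := HEADER.match(line):
            current = m.group(1)
            flags[current] = {}
        elif current and (m := FLAG.match(line)):
            flags[current][m.group(1).lower()] = m.group(2) == "enabled"
    modes = {}
    for iface, f in flags.items():
        if not f:
            modes[iface] = "unknown"   # no switching lines seen for this interface
        elif f.get("cef"):
            modes[iface] = "cef"       # CEF wins even though fast switching also shows enabled
        elif f.get("fast"):
            modes[iface] = "fast"
        else:
            modes[iface] = "process"   # neither cache in use: the CPU handles every packet
    return modes

def not_using_cef(output):
    """Interfaces an audit would flag because they are not CEF switched."""
    return sorted(i for i, m in switching_modes(output).items() if m != "cef")
```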

 

Verifying CEF operation on R1

R1# show ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
1.1.1.1/32 receive Loopback0
2.2.2.2/32 10.1.1.2 Serial1/0
10.1.1.0/30 attached Serial1/0
10.1.1.0/32 receive Serial1/0
10.1.1.1/32 receive Serial1/0
10.1.1.3/32 receive Serial1/0
127.0.0.0/8 drop
172.16.1.0/24 attached FastEthernet0/0
172.16.1.0/32 receive FastEthernet0/0
172.16.1.1/32 receive FastEthernet0/0
172.16.1.255/32 receive FastEthernet0/0
192.168.1.0/24 10.1.1.2 Serial1/0
224.0.0.0/4 drop
224.0.0.0/24 receive
240.0.0.0/4 drop
255.255.255.255/32 receive

R1# show adjacency detail
Protocol Interface Address
IP Serial1/0 point2point(11)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 4
0F000800
P2P-ADJ

 

The show ip cef command shows the contents of the FIB for Router R1. Note that if the next hop of a network prefix is set to attached, the entry represents a network to which the router is directly attached. If the next hop of a network prefix is set to receive, the entry represents an IP address on one of the router’s interfaces.

For example, the network prefix 10.1.1.0/30, with a next hop of attached, is a network (30-bit mask) directly attached to Router R1’s Serial 1/0 interface. However, the network prefix 10.1.1.1/32, with a next hop of receive, is a specific IP address (32-bit mask). Note that the all-0’s host addresses for directly attached networks (for example, 10.1.1.0/30) and the all-1’s host addresses for directly attached networks (for example, 172.16.1.255/32) also show up as receive entries.

Output from the show adjacency detail command displays information about how to reach a specific adjacency shown in the FIB. The FIB indicates that network 192.168.1.0/24 is reachable by going out of interface Serial 1/0. The adjacency table also shows that interface Serial 1/0 uses a point-to-point connection. Therefore, the adjacent router is on the other side of the point-to-point link. If an interface in the adjacency table is an Ethernet interface, source and destination MAC address information is contained in the entry for the interface.
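An added example, not part of the original post: the R1 FIB shown above, parsed in Python and searched by longest-prefix match, so you can see which entry (receive, attached, drop or a next hop) wins for a given destination. A linear scan stands in for the tree structure CEF builds; parse_fib and lookup are names chosen for this sketch.

```python
import ipaddress

# FIB entries copied from the R1 "show ip cef" output on this page.
SHOW_IP_CEF = """\
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
1.1.1.1/32 receive Loopback0
2.2.2.2/32 10.1.1.2 Serial1/0
10.1.1.0/30 attached Serial1/0
10.1.1.0/32 receive Serial1/0
10.1.1.1/32 receive Serial1/0
10.1.1.3/32 receive Serial1/0
127.0.0.0/8 drop
172.16.1.0/24 attached FastEthernet0/0
172.16.1.0/32 receive FastEthernet0/0
172.16.1.1/32 receive FastEthernet0/0
172.16.1.255/32 receive FastEthernet0/0
192.168.1.0/24 10.1.1.2 Serial1/0
224.0.0.0/4 drop
224.0.0.0/24 receive
240.0.0.0/4 drop
255.255.255.255/32 receive
"""

def parse_fib(text):
    """Return a list of (network, next_hop, interface) tuples."""
    fib = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if not fields:
            continue
        if fields[1:3] == ["no", "route"]:        # two-word next hop, no interface
            hop, iface = "no route", None
        else:
            hop, iface = fields[1], (fields[2] if len(fields) > 2 else None)
        fib.append((ipaddress.ip_network(fields[0]), hop, iface))
    return fib

def lookup(fib, address):
    """Longest-prefix match: the most specific entry covering the address wins."""
    addr = ipaddress.ip_address(address)
    best = max((e for e in fib if addr in e[0]),
               key=lambda e: e[0].prefixlen, default=None)
    return (str(best[0]), best[1], best[2]) if best else None

FIB = parse_fib(SHOW_IP_CEF)
```

For instance, lookup(FIB, "10.1.1.2") resolves to the attached /30, while lookup(FIB, "10.1.1.1") hits the more specific /32 receive entry for R1's own address.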

 

 

Hope this helps someone else!
