CEF (CISCO EXPRESS FORWARDING)

To understand CEF let discuss little bit about packet switching technology (not
Layer 2 switching)

As per CISCO there are three type of Packet switching (on L3) Technology.

 Process Switching: Router strips off the Layer 2 header for each incoming frame, looks
up the Layer 3 destination network address in the routing table for each packet, and then
sends the frame with rewritten Layer 2 header, including computed cyclic redundancy
check (CRC), to the outgoing interface. All these operations are done by software
running on the CPU for each individual frame. Process switching is the most CPU-
intensive method available in Cisco routers. It can greatly degrade performance and is
generally used only as a last resort or during troubleshooting.
 Fast Switching: After the lookup of the first packet destined for a particular IP network,
the router initializes the fast-switching cache used by the fast switching mode. When
subsequent frames arrive, the destination is found in this fast-switching cache. The frame
is rewritten with corresponding link addresses and is sent over the outgoing interface.
Fast switching A.K.A demanded based switching
 Cisco Express Forwarding (CEF): The default-switching mode. CEF is less CPU-
intensive than fast switching or process switching. A router with CEF enabled uses
information from tables built by the CPU, such as the routing table and ARP table, to
build hardware-based tables known as the Forwarding Information Base (FIB) and
adjacency tables. These tables are then used to make hardware-based forwarding
decisions for all frames in a data flow, even the first. Although CEF is the fastest
switching mode, there are limitations, such as other features that are not compatible with
CEF or rare instances in which CEF functions can actually degrade performance, such as
CEF polarization in a topology using load-balanced Layer 3 paths
Newer switches CEF enabled by default
Summary of switching technology

Process switching: -
 Work with every packet for L2 address alternation & CRC checking.
 Get next hop L2 address using ARP.
 Routing table lookup for every packet.
 Use software/OS/IOS with every packet.
 More CPU intensive.
 Slower speed.

Fast switching/demanded based: -

 It similar to ‘processing switching’ but maintain cache (route cache).
 Keeps recently use next hop address L2 and exit interface information form
the routing table.
 Flow (same source and destination traffic) use route cache.
 Less CPU intensive, Faster than previous technology.
 Cache updating problem

CEF (CISCO express forwarding) proprietary/topology based:-

 Similar to ‘fast switching’ but use (ASIC) dedicated hardware for it.
 Use FIB (Forwarding information base) or mini routing information table and
adjacency table.
 Minimum CPU intensive, Faster speed/wired speed
 Immediately FIB/Adjacency updating
More about CEF
This is CISCO technology that used in Layer three switches and router (not
available to all models) for faster speed, it also required a special packet switching
dedicated hardware named ASIC (Application-specific integrated circuit) this
hardware design to use specific task not for general purpose, Because of that CEF
enabled device are costly (I guessed).
ASICs are used to accelerate Layer 2 and Layer 3 switching, store and process QoS
and security ACLs, and maintain NetFlow statistics.

This is an example of ASIC

http://en.wikipedia.org/wiki/Application-specific_integrated_circuit (to know more about ASIC)

CEF/ASIC technology have basically it has two major components.

1) Forwarding information base (FIB)/table
2) Adjacency table

Forwarding information base (FIB)

CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is
conceptually similar to a routing table or information base. It maintains a mirror
image of the forwarding information contained in the IP routing table. When routing or
topology changes occur in the network, the IP routing table is updated, and these
changes are reflected in the FIB. The FIB maintains next-hop address information
based on the information in the IP routing table. Because there is a one-to-one
correlation between FIB entries and routing table entries, the FIB contains all known
routes and eliminates the need for route cache maintenance that is associated with
switching paths such as fast switching and optimum switching.
 Adjacency Table
The adjacency table maintains layer 2 or switching information linked to a particular
FIB entry, avoiding the need for an ARP request for each table lookup. There are several
types of adjacencies. Some are listed below:

Cache adjacency: This type of entry contains the correct outbound interface and the
correct MAC address for its FIB entry. The MAC address is the IP addresses MAC
address if the destination's subnet is directly connected to the router, or is the MAC
address of the router that the packet needs to be sent to if the destination's subnet is not
directly connected to the router currently processing the packet.

Receive adjacency: This type of entry handles packets whose final destinations include
the router itself. This includes packets whose IP addresses are assigned to the router
itself, broadcast packets, and multicasts that have set up the router itself as one of the
destinations.

Null adjacency: Handles packets destined to a NULL interface. Packets with FIB entries
pointing to NULL adjacencies will normally be dropped.

Punt adjacency: Deals with packets that require special handling or cannot be
switched by CEF. Such packets are forwarded to the next switching layer (generally fast
switching) where they can be forwarded correctly.

Glean adjacency: This adjacency is created when the router knows that either the
destination IP's subnet is directly connected to the router itself and it does not know
that destination device's MAC address, or the router knows the IP address of the router
to forward a packet to for a destination, but it does not know that router's MAC address.
Packets that trigger this entry will generate an ARP request.

Discard adjacency: FIB entries pointing to this type of adjacency will be discarded.

Drop adjacency: Packets pointing to this entry are dropped, but the prefix will be
checked.

In order to take full advantage of CEF, it is recommended to use distributed CEF (dCEF),
where there is a FIB table on each of the line cards. This avoids the need for querying the
main processor or routing table in order to get the next-hop information. Instead, fast
switching will be performed on the line card itself.
CEF currently supports Ethernet, Frame Relay, ATM, PPP, FDDI, tunnels, and Cisco HDLC
CEF can be enabled in one of two modes:
 Central CEF mode - When CEF mode is enabled, the CEF FIB and adjacency tables
reside on the route processor, and the route processor performs the express
forwarding. You can use CEF mode when line cards are not available for CEF
switching, or when you need to use features not compatible with distributed CEF
switching.
 Distributed CEF (dCEF) mode - When dCEF is enabled, line cards maintain identical
copies of the FIB and adjacency tables. The line cards can perform the express
forwarding by themselves, relieving the main processor - Gigabit Route Processor
(GRP) - of involvement in the switching operation. This is the only switching method
available on the Cisco 12000 Series Router.

dCEF uses an Inter-Process Communication (IPC) mechanism to ensure

synchronization of FIBs and adjacency tables on the route processor and line cards.

Limitation of CEF:-
 Packet with header option
 Packet with TTL expired
 Packet destined to a tunnel interface
 Packet with unsupported encapsulation
 Packet with exceed MTU

Now these packet will go through normal switching

Verifying CEF (enabled by default “no ip cef” for disable )

To verify CEF information, use the following commands to help verify any issues:

 View statistics for hardware switching Layer 3 packets.

show interface type number

 Verify the FIB.

show ip cef
 Verify detailed information about a particular vlan or interface.

show ip cef [type mod/port | vlan_interface] [detail]

 Verify adjacency table.

show adjacency type mod/port | port-channel number} | detail | internal | summary –

To know more follow the link
http://www.cisco.com/c/en/us/support/docs/routers/12000-series-
routers/47321-ciscoef.html
http://en.wikipedia.org/wiki/Cisco_Express_Forwarding

For any query and suggestion please e-mail us adityakrgaur@gmail.com

Be connected and get more