Cisco Express Forwarding (or CEF for short) is a layer 3 switching technology propriety to Cisco. CEF allows hardware level routing (switching) to happen without using CPU cycles. Due to this the router is able to perform routing at much lower latency and higher throughput while maintaining low CPU utilization. CEF is enabled/disabled with the (no) ip cef configuration command.
Packet Switching Methods
Yes, routers are doing switching.
- Ingress interface receives a packet
- The Router does it’s thing
- Egress interface expels a packet with new layer 2 information
This is (albeit layer 3) switching.
The three methods a Cisco Router can use for it’s switching logic are:
- Process Switching: This is the slowest method. The CPU has to handle all the packet processing and due to many interrupts, other processes may suffer.
- Fast Switching: The first packets the router receives with a destination it doesn’t know about will use process switching. The fast switching cache then stores the results for reuse. Subsequent packets to the same destination use the cached path.
- Cisco Express forwarding: When using CEF, the Route Processor (RP) handles the majority of packet switching. Inside the RP is the Forward Information Base (FIB) and Adjacency Tables which are explained below.
CEF Data Structures
CEF consists of two main data structures:
- Forwarding Information Base (FIB) table: The FIB acts like the routing table in many ways. It contains all routes that the router knows about along with any hosts.
- Adjacency Table: This stores Layer 2 next hop information for all entries on the FIB table. These will be hosts on the connected networks that the router is part of. Stored Layer 2 information includes MAC addresses for Ethernet or DLCI for frame relay.
Forwarding Information Base
FIB contains necessary information from the routing table, stripping out unneeded information like Administrative Distances, Metrics, Age of Routes, Tags. In addition, known /32 next hop and /32 local interfaces are stored. Routing table updates are applied to the FIB immediately. Finally, packets that don’t match any FIB table entries are dropped.
The show ip cef command lists the contents of the FIB table:
R8#show ip cef Prefix Next Hop Interface 0.0.0.0/0 10.4.1.7 FastEthernet0/0 0.0.0.0/8 drop 0.0.0.0/32 receive 10.1.0.0/16 10.4.1.7 FastEthernet0/0 10.2.0.0/16 10.4.1.7 FastEthernet0/0 10.3.1.0/30 10.4.1.7 FastEthernet0/0 10.3.1.4/30 10.4.1.7 FastEthernet0/0 10.3.1.8/30 10.4.1.7 FastEthernet0/0 10.3.1.12/30 10.4.1.7 FastEthernet0/0 10.4.1.0/24 attached FastEthernet0/0 10.4.1.0/32 receive 10.4.1.7/32 10.4.1.7 FastEthernet0/0 10.4.1.8/32 receive 10.4.1.255/32 receive 10.5.1.0/24 10.4.1.7 FastEthernet0/0 127.0.0.0/8 drop 126.96.36.199/4 drop 188.8.131.52/24 receive 240.0.0.0/4 drop 255.255.255.255/32 receive R8#
The adjacency table stores layer 2 information about adjacent nodes. A node is adjacent when it’s reachable within a single hop. CEF uses the adjacency table as a map for IP > MAC addresses and substitutes the correct MAC address during encapsulation.
The show command for viewing the Adjacency Table is show adjacency.
Protocol Interface Address IP Serial1/0 point2point(7) IP Serial1/1 point2point(7) IP Serial1/2 point2point(7) IP Serial1/3 point2point(7) IP FastEthernet0/0 184.108.40.206(7) R5#
Some adjacency types can’t be CEF switched and need to be processed by the CPU, or dropped.
- Glean: This is when the router doesn’t yet know the host MAC address in the adjacency table and therefor has to ARP. The CPU is responsible for ARPing, then the router will wait for an ARP reply. While waiting for the reply the Adjacency Table will store the host address without the MAC address. This will be the glean state.
- Punt: Directed at the CPU, for example if you’re running EIGRP you’ll get punt adjacency to 220.127.116.11 (the EIGRP multicast).
- Null: This is a valid packet but needs to be dropped. You can point a Static Route to null0 to drop packets here.
- Discard: A Security Policy blocks and drops the packet.
- Drop: This means either CRC failure or no route to destination. The packets dropped
CEF can’t be used to switch all packet types. These will generally be <1% of any routers traffic and therefor isn’t an issue but it’s still good to know. These packets include:
- Packets directed at the Router itself
- Traffic from Routing Protocols (RIP, EIGRP, OSPF, BGP)
- Packets that need to be encrypted
- ARP Requests