CCIE 400-101: Network Principles - CEF

on

1.1.b Identify Cisco express forwarding concepts

  • The switching process is responsible for moving packets between the interfaces.
  • There are three different switching path methods available: process switching, fast switching, and Cisco Express Forwarding (CEF).
  • With process switching, every packet is inspected and forwarded by the CPU. This method is very tedious, resource-intensive, and slow.
  • Fast switching also uses process switching, but only for the first packet of a given traffic flow. Subsequent packets are forwarded using a cache entry instead of an individual lookup for each packet.
  • CEF pre-builds and pre-computes forwarding information based on the routing table and ARP before receiving any packets. The information is stored in separate data structures (FIB and adjacency table), which are designed for quick lookups without involving the CPU.

Routing Information Base (RIB)

  • Essentially, the RIB aka the routing table is a collection of best paths to each network that the router knows about.
  • Each routing protocol has its own data structures (OSPF database, EIGRP topology table, BGP table etc.) that store information from routing updates.
  • Each routing protocol also runs its own route selection algorithm to find its own best path to each unique prefix.
  • The same network can be learned from different routing protocols or different neighbors but only one path is installed into the RIB based on the lower administrative distance and metric values. (Not considering load balancing here.)
  • Basically, the RIB contains only the best of the best routes.
  • The RIB can be viewed with the show ip route command.

Router#show ip route

Gateway of last resort is 10.142.124.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.142.124.1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.142.124.0/24 is directly connected, FastEthernet0/0
L        10.142.124.151/32 is directly connected, FastEthernet0/0
S        10.142.125.0/24 [1/0] via 10.42.24.1


Forwarding Information Base (FIB)

  • The FIB is conceptually similar to the RIB.
  • The FIB maintains a mirror image of the RIB.
  • When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. 
  • Think about a "normal" routing traffic flow: decapsulate the packet to find the destination IP address, do a routing table lookup, select the best match, find the exit interface, and resolve Layer 2 next-hop information. This is rather inefficient, needing to consult different tables to find the necessary information to rebuild and forward the packet.
  • Now, the FIB eliminates the need to do recursive RIB lookups because it resolves next-hops to outgoing interfaces and computes the Layer 2 information prior to sending any packets.
  • The show ip cef command displays the contents of the FIB.

Router#show ip cef
Prefix                 Next Hop             Interface
0.0.0.0/0              10.142.124.1         FastEthernet0/0
0.0.0.0/8              drop
0.0.0.0/32             receive
10.142.124.0/24        attached             FastEthernet0/0
10.142.124.0/32        receive              FastEthernet0/0
10.142.124.1/32        attached             FastEthernet0/0
10.142.124.4/32        attached             FastEthernet0/0
10.142.124.8/32        attached             FastEthernet0/0
10.142.124.107/32      attached             FastEthernet0/0
10.142.124.151/32      receive              FastEthernet0/0
10.142.124.203/32      attached             FastEthernet0/0
10.142.124.218/32      attached             FastEthernet0/0
10.142.124.222/32      attached             FastEthernet0/0
10.142.124.254/32      attached             FastEthernet0/0
10.142.124.255/32      receive              FastEthernet0/0
10.142.125.0/24        10.142.124.1         FastEthernet0/0
127.0.0.0/8            drop
224.0.0.0/4            drop
224.0.0.0/24           receive
240.0.0.0/4            drop
255.255.255.255/32     receive


  • There are different kinds of CEF adjacencies: null, glean (attached), punt, drop, and discard.
  • Null adjacency: Packets destined to the Null0 interface are dropped.
  • Glean (attached) adjacency: When a router is directly connected to a multiple hosts, the router maintains a prefix for the subnet rather than individual hosts. The subnet prefix points to a glean adjacency. When packets need to be forwarded to a specific host, the adjacency database is gleaned for the specific prefix.
  • Punt adjacency: Features that require special handling or features that are not yet supported in conjunction with CEF are forwarded to the next switching layer for handling (the router CPU).
  • Drop adjacency: Packets are dropped, but the prefix is checked.
  • Discard adjacency: Purposefully drops packets as a result of a configured feature that discards the packets.


Adjacency Table

  • Network nodes are adjacent if they can reach each other with a single hop. 
  • CEF uses the adjacency table to prepend Layer 2 addressing information. 
  • Maintains Layer 2 next-hop addresses for all FIB entries. 
  • Populated as adjacencies are discovered. 
  • Each time an adjacency entry is created (through the ARP protocol, for example), a link-layer header for that node is precomputed and stored in the adjacency table. 
  • Once a route is determined, it points to a next hop and corresponding adjacency entry. 
  • For each resolved path to a destination prefix, a pointer is added for the adjacency corresponding to the next-hop interface for that path.
  • The adjacency table can be examined with the show adjacency command.

Router#show adjacency
Protocol Interface                 Address
IP       FastEthernet0/0           10.142.124.1(11)
IP       FastEthernet0/0           10.142.124.4(7)
IP       FastEthernet0/0           10.142.124.8(7)
IP       FastEthernet0/0           10.142.124.107(7)
IP       FastEthernet0/0           10.142.124.203(7)
IP       FastEthernet0/0           10.142.124.218(7)
IP       FastEthernet0/0           10.142.124.222(7)
IP       FastEthernet0/0           10.142.124.254(7)


Let's look at a specific entry for 10.142.124.8.

Router#show adjacency 10.142.124.8 detail
Protocol Interface                 Address
IP       FastEthernet0/0           10.142.124.8(7)
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 1
                                   Encap length 14
                                   002590956536CCEF48117D180800
                                   ARP


The last line says that the information was drawn from the ARP cache. The most information part is the seemingly random string 002590956536CCEF48117D180800, which actually lists the destination MAC address (002590956536), the source MAC address (CCEF48117D18), and the protocol type (0x800). This information can be verified by referring to the ARP cache and checking the MAC address of the exit interface.

Router#show arp 10.142.124.8
Protocol  Address       Hardware Addr   Interface
Internet  10.142.124.8  0025.9095.6536  FastEthernet0/0

Router#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is i82546, address is ccef.4811.7d18 (bia ccef.4811.7d18)
  Internet address is 10.142.124.151/24

Comments

Post a Comment