There was a point in my Cisco career when I would see “CEF” and wonder what it was, finally concluding that it was not something I needed to worry about. In short, I didn’t know/understand what it was. It wasn’t until I started studying about MPLS and found out that CEF is a requirement that I went on a search to discover what CEF is all about. This article is the product of that search.
For a router to move traffic across the network, it needs to perform two different functions: routing and switching. Routing refers to how a router determines the best path to send the traffic through. This is usually achieved using various routing protocols like EIGRP and OSPF. Packet switching, on the other hand, relates to how packets are moved from the input interface to the output interface or interfaces (in the case of more than one best path).
CCNA Training – Resources (Intense)
In Cisco IOS, there are many packet switching methods, but the common ones which we will be discussing in this article are process switching, fast switching and Cisco Express Forwarding (CEF).
Note: In this article, we will be focusing on IP packets although the same concept applies to other protocol packets.
Layer 2 Header Rewrite
Before we go on to discuss the switching methods, I would like to quickly discuss the rewriting of the layer 2 header of a packet. Look at the diagram below:
Host A and Host B are on different subnets and they have the router configured as their default gateway. If Host A wants to send a packet to Host B, it sends the packet to its default gateway. The Layer 2 header will contain Host A’s MAC address as the source of the packet and the router’s Fa0/0 MAC address as the destination.
When the router makes a forwarding decision for the packet, it needs to add a new Layer 2 header as follows: it replaces the source MAC address of the packet with the MAC address of its outgoing interface (Fa0/1 in this example). It also replaces the destination MAC address with the MAC address of the next-hop (Host B’s MAC address in this case).
Now that we know what a Layer 2 header rewrite entails, we can go ahead with our packet switching methods.
Process switching is the oldest of the three switching methods we will be discussing in this article. It is also the slowest and we will see why.
When the router receives a packet that is to be processed, the router stores this packet in memory. The router’s processor is then interrupted informing it that there is a packet waiting to be processed. The router inspects the packet and places it in the input queue of the appropriate switching process, e.g. ip_input for IP packets.
When the switching process runs, it checks the routing table to determine the next-hop and outbound interface for the destination of the packet. It also determines the layer 2 address (e.g. MAC address) of the next-hop by consulting a table such as the ARP cache. Armed with this information, the switching process rewrites the layer 2 header of the packet. The packet is then sent out through the determined outbound interface.
The issue with process switching is that the process described above happens for every packet, making it quite slow. Recent IOS versions have CEF (discussed later) as the default switching method for IP but we can enable process switching using the no ip route-cache interface configuration command.
Using our network diagram above, I will enable process switching on the router’s Fa0/0 and Fa0/1 interfaces. I will then ping from Host A to Host B and enable IP packet debugging (debug ip packet [detail]) on the router.
Hint: Process switched packets show up in IP packet debugging. Fast switched and CEF switched packets do not.
A sample output of the debug is as shown below. Notice that the packet is “routed via RIB” RIB stands for Routing Information Base which is basically the routing table of the router.
I received 10 of these messages in my debug output, 5 from the ping request from Host A and 5 from the ping reply from Host B.
Fast switching improves on process switching by making use of a cache. The first packet to a destination is still process switched but the result of this switching, which includes the outgoing interface, next-hop and Layer 2 header rewrite information, is stored in the Fast Cache. Future packets to this destination will be switched using information from the fast cache, thus improving on the speed of this switching method.
We use the ip route-cache interface configuration command to enable fast switching.
We can confirm that fast switching is enabled on an interface using the show ip interface command.
Before I test using ping, I will check the fast cache. Since we have not sent any packet across the router, this cache is empty.
Now when I ping from Host A to Host B, notice that the first ping request packet and the corresponding ping reply packet are process switched. After this first process switching, entries are created for these destinations in the fast cache.
As I mentioned above, fast switched packets will not show up in our debug output; only the two packets that were process switched will show up.
We can view the fast cache again where we notice those two created entries which include information about the destination, the outgoing interface, the next-hop and the Layer 2 header rewrite.
The diagram below helps make sense of the Layer 2 rewrite information:
Since the first packet to a destination is always process switched, switching performance will be degraded in the event where the router receives a lot of traffic for destinations that are not yet in the fast cache. Also, since entries in the fast cache will be invalidated when a route in the routing table changes, fast switching is not suitable on routers with a large number of changing routes like Internet backbone routers.
Cisco Express Forwarding (CEF)
The CEF switching method goes a step further than fast switching by building the cache in advance even before any packets need to be processed. CEF uses two components to perform its function: the Forwarding Information Base (FIB) and the Adjacency table. The FIB is more like a mirror of the routing table but with faster search capability. The FIB is used to make the forwarding decision for the destination of the packet. It contains prefixes, next hop (recursive) and the outgoing interface. The Adjacency table contains information about directly connected next hops including Layer 2 header rewrite information.
CEF is enabled globally using the ip cef command and the ip route-cache cef interface configuration command on interfaces.
We can view the FIB using the show ip cef command and the adjacency table using the show adjacency command.
Because CEF does not to wait for a packet before building the cache, switching performance is greatly increased. Note however that even though CEF is enabled on a router, there are times when packets will need to be punted to the next best switching method for packets that CEF cannot handle.
In this article, we have considered three different packet switching methods used on Cisco routers: process switching, fast switching and CEF. Process switching is the oldest, slowest and most processor intensive. In fast switching, the first packet to a destination is process switched but subsequent packets are forwarded using the information stored in the fast cache. Finally, CEF pre-builds the cache before any packets need to be forwarded. CEF makes use of the FIB and Adjacency table to perform its functions.
Cisco’s implementation of MPLS, for example, requires CEF to be enabled because CEF is the only switching method that makes use of the FIB. I hope you have found this article interesting.
References and further reading
Cisco Express Forwarding. Understanding and troubleshooting CEF in Cisco routers and switches by Nakia Stringfield
Inside Cisco IOS Software Architecture by Russ White, Vijay Bollapragada, Curtis Murphy
Process, Fast and CEF Switching and Packet Punting: http://blog.ipspace.net/2013/02/process-fast-and-cef-switching-and.html