Fast Switching and CEF

Fast Switching and CEF

Problem

You want to use the most efficient mechanism in the router to switch the packets.

Solution

As we discuss in Appendix B, one of the most important things you can do to improve router performance, and consequently network performance, is to ensure that you are using the best packet switching algorithm. All Cisco routers support Fast Switching, and it is enabled by default. However, some types of configurations require that it be disabled. The following example shows how to turn Fast Switching back on if it has been disabled:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache
Router(config-if)#exit
Router(config)#end
Router#

If you are using policies, including policies for Class-based QoS, you also need to configure Fast Switching to handle them, using the ip route-cache policy command:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

CEF, on the other hand, is not enabled by default. Unlike Fast Switching, which is enabled separately for each interface, you have to enable CEF globally for the entire router, as well as on each interface:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip cef
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache cef
Router(config-if)#exit
Router(config)#end
Router#

Discussion

The ip route-cache command used to enable Fast Switching has a couple of useful options. The second example demonstrates one of these options, the policy keyword, which allows Fast Switching of policy-based routing:

Router(config-if)#ip route-cache policy

Another useful option is the same-interface keyword, which instructs the router to allow Fast Switching of packets that come in and go back out through the same physical interface:

Router(config)#interface Serial0/0
Router(config-if)#ip route-cache same-interface

You should use this option when the router frequently needs to switch packets between different networks that all connect to the same port. This could be the case for Frame Relay networks, as well as for LANs that use subinterfaces or secondary IP addresses.

Cisco supplies three useful commands to look at CEF performance. The first is show cef interface:

Router#show cef interface FastEthernet0/0
FastEthernet0/1 is up (if_number 4)
Corresponding hwidb fast_if_number 4
Corresponding hwidb firstsw->if_number 4
Internet address is 172.22.1.3/24
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is disabled
Inbound access list is 120
Outbound access list is not set
IP policy routing is disabled
Hardware idb is FastEthernet0/1
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF Feature Fast switching turbo vector
Input fast flags 0x0, Output fast flags 0x0
ifindex 4(4)
Slot 0 Slot unit 1 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
Router#

The output of this command shows that CEF is enabled on the interface FastEthernet0/0, as well as information about inbound and outbound ACL's and policies. In this example, you can see that the interface has an access-group configured to use access-list number 120 to filter inbound traffic.

You can use the show cef drop and show cef not-cef-switched commands to see more detailed CEF forwarding statistics:

Router#show cef drop
CEF Drop Statistics
Slot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_Err
RP 71 0 0 105 0 0
Router#show cef not-cef-switched
CEF Packets passed on to next switching layer
Slot No_adj No_encap Unsupp'ted Redirect Receive Options Access Frag
RP 0 0 0 0 572 0 0 0

These commands show you details of CEF's operation on the router. The first command shows how many packets CEF has had to drop, and the reasons for the drops. The Slot column in the output of both commands refers to the VIP slot where the packets were received. In this case, the router didn't have any VIP cards because it was a Cisco 2600. So all packets are received by the Route Processor, which is indicated by the RP in the leftmost column.

The Encap_fail column in the show cef drop output shows the number of packets that CEF has dropped because they were incomplete and there was no adjacency route in the CEF table. Unresolved indicates the number of packets dropped because CEF could not resolve the destination address prefix. If there had been any packets that could not be switched by CEF because of unsupported features, they would appear in the Unsupported column. The No_route column shows the number of packets dropped because CEF didn't have a route to the destination. Similarly, No_adj shows the number of packets for which CEF did not have an entry in its adjacency table, so it had to send an ARP query. And, finally, ChkSum_Err shows the number of times that CEF had to drop packets because they were corrupted.

The show cef not-cef-switched command has similar output. No_adj is the same here as it was in the show cef drop command, while Unsupp'ted is the same as the Unsupported column. The No_encap column counts the number of packets that could not be switched because they were encapsulated in another protocol. Redirect means that CEF has had to send these packets to another algorithm, usually process switching, to handle. And Receive lists the number of packets that were received from another internal switching algorithm. The remaining columns are rarely of interest in practice.

You can display the CEF version of the routing table with the show ip cef command:

Router#show ip cef
Prefix Next Hop Interface
0.0.0.0/0 172.25.1.1 FastEthernet0/0.1
0.0.0.0/32 receive
172.16.2.0/24 attached FastEthernet0/1
attached FastEthernet1/1
172.22.1.0/24 attached FastEthernet0/1
172.22.1.0/32 receive
172.22.1.3/32 receive
172.22.1.4/32 172.22.1.4 FastEthernet0/1

Router#

Notice in this output that there are actually two equal-cost routes to 172.16.2.0/24. CEF supports load balancing between these two paths.

You can expand the detail on these entries with the show ip cef detail command:

Router#show ip cef detail
IP CEF with switching (Table Version 31), flags=0x0
31 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 1
31 leaves, 21 nodes, 25560 bytes, 62 inserts, 31 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 0697166A
3(1) CEF resets, 0 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
0 in-place/0 aborted modifications
refcounts: 5672 leaf, 5632 node

Adjacency Table has 5 adjacencies
0.0.0.0/0, version 27, cached adjacency 172.25.1.1
0 packets, 0 bytes
via 172.25.1.1, FastEthernet0/0.1, 0 dependencies
next hop 172.25.1.1, FastEthernet0/0.1
valid cached adjacency
0.0.0.0/32, version 0, receive
172.16.2.0/24, version 21, attached, connected
0 packets, 0 bytes
via FastEthernet0/0.2, 0 dependencies
valid glean adjacency
172.16.2.0/32, version 10, receive
172.16.2.1/32, version 9, receive
172.16.2.255/32, version 11, receive
172.22.1.0/24, version 22, attached, connected
0 packets, 0 bytes
via FastEthernet0/1, 0 dependencies
valid glean adjacency
172.22.1.0/32, version 16, receive

Router#

See Also