acef

Answered Question
Dec 7th, 2008
User Badges:
  • Bronze, 100 points or more

hi every body!

I have few questions about acef:

A cisco press book says"Line cards send initial packet of a flow to supervisor engine,where packet is switched in hardware using the master cef table.The forwarding decision made, is then stored in local scaled-down cef table on linecard where the flow enters the switch,with local linecard making subsequent forwarding decision for packets asssocitaed with the flow"


My question is when we consider packet belong to same flow?

For example in case of net flow switching, packets containing similar source ip,destination ip, port and ingress interface are considered belonging to same flow.

What do we consider in acef for a packet to belong to same flow?

thanks a lot!

Correct Answer by Giuseppe Larosa about 8 years 3 months ago

Hello Joseph,

my understanding is that CEF is topology driven and even first packet of a flow is switched and not process swichted.

This makes the difference between CEF and its predecessors like Fast switching.


In a C5500 MLS is traffic driven by using the Netflow feature card and can be combined even with an external router.

In C550 or C6500 sup1 the first packet of a flow needs to be sent to the processor and the NFFC is able to store the shortcut of the RSM action on the packet: subsequent packets are then multilayer switched as the first: the NFFC is able to perform the packet rewrite.


What can change in modern C6500 is the combination of centralized forwarding and distributed forwarding: each linecard / module able to perform in a distributed manner has a complete copy of the CEF table that is built and maintained by the supervisor


Hope to help

Giuseppe


Correct Answer by Jon Marshall about 8 years 3 months ago

Sarah


6500 switches use MLS with CEF to forward packets so it is not just the CEF you see on routers.


MLS is flow based and records the extra information that you mention.


Does this make sense ?


Jon

Correct Answer by Jon Marshall about 8 years 3 months ago

Sarah


To be honest i thought it was a typo at first as i have never come across acef before, dcef (distributed CEF) yes but not acef. It sounds like acef may have been a forerunner of dcef. Guess that's one of the reasons i still do NetPro, i'm always learning :-)


From the 6500 CatOS configuration document on guidelines/restrictions for acef


The only MLS flow mask supported is full flow. Full flow is the most-specific flow mask. A full flow entry includes the destination/source IP address, destination/source Layer 4 port number, protocol type, and Layer 2 header.


Full link -


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/acef.html#wp1090635


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jon Marshall Mon, 12/08/2008 - 03:01
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sarah


To be honest i thought it was a typo at first as i have never come across acef before, dcef (distributed CEF) yes but not acef. It sounds like acef may have been a forerunner of dcef. Guess that's one of the reasons i still do NetPro, i'm always learning :-)


From the 6500 CatOS configuration document on guidelines/restrictions for acef


The only MLS flow mask supported is full flow. Full flow is the most-specific flow mask. A full flow entry includes the destination/source IP address, destination/source Layer 4 port number, protocol type, and Layer 2 header.


Full link -


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/acef.html#wp1090635


Jon

sarahr202 Mon, 12/08/2008 - 05:10
User Badges:
  • Bronze, 100 points or more

thanks a alot Jon!

Usually fib table contains:

prefix,next hop outgoing interface.

question is how can switching engine on line card store informations such as source ip, layer 4 ports, in fib table as there is no such field(port number,source ip)?

Does it mean Fib structure in acef is different from fib structure in dcef in terms of what kind of informations ,they could hold?

thanks a lot!

Correct Answer
Jon Marshall Mon, 12/08/2008 - 05:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sarah


6500 switches use MLS with CEF to forward packets so it is not just the CEF you see on routers.


MLS is flow based and records the extra information that you mention.


Does this make sense ?


Jon

Joseph W. Doherty Mon, 12/08/2008 - 10:06
User Badges:
  • Super Bronze, 10000 points or more

Sarah, in summary, MLS does all the L3 analysis with the first packet of the flow, and forwards subsequent packets of the flow using L2 hardware.


If you want to become more familiar with Cisco's MLS you might look at some Cisco documentation on the 5500 series. On those, it required extra hardware and manual configuration, so the supporting explanations are better, I think, then what you find in reference to MLS with the 6500 series.


What might make this especially clear, if you read about how a 5500 L2 switch could cooperate with an external L3 router to perform MLS.

Correct Answer
Giuseppe Larosa Mon, 12/08/2008 - 10:13
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Joseph,

my understanding is that CEF is topology driven and even first packet of a flow is switched and not process swichted.

This makes the difference between CEF and its predecessors like Fast switching.


In a C5500 MLS is traffic driven by using the Netflow feature card and can be combined even with an external router.

In C550 or C6500 sup1 the first packet of a flow needs to be sent to the processor and the NFFC is able to store the shortcut of the RSM action on the packet: subsequent packets are then multilayer switched as the first: the NFFC is able to perform the packet rewrite.


What can change in modern C6500 is the combination of centralized forwarding and distributed forwarding: each linecard / module able to perform in a distributed manner has a complete copy of the CEF table that is built and maintained by the supervisor


Hope to help

Giuseppe


Joseph W. Doherty Mon, 12/08/2008 - 11:32
User Badges:
  • Super Bronze, 10000 points or more

Giuseppe, reading your post, my post must seem misleading; and perhaps it was since I didn't provide much context.


I was trying to expand upon the functioning of aCEF using MLS, not CEF vs. process switching, CEF vs. other caching techniques (your mention of Fast switching), or the difference between 5500 MLS and 6500 1st packet physical processing, or 6500 using line cards with a DFC performing dCEF.


If you read the aCEF reference Jon supplied, you'll see how the first packet is directed to sup720, which in turn caches the flow to switch subsequent packets of the same flow without incurring the lookup overhead on the PFC3. This appears somewhat similar to 5500 MLS, logically, as it was performed on the 5500 series. I.e. routing first packet, switching subsequent packets. The reference document isn't clear where the aCEF cache-based forwarding actually takes place.


I was also trying to expand upon the concept of MLS itself, which I think is better explained in the 5500 documentation, vs. CEF. The primary purpose of CEF being processing the 1st packet as quickly as subsequent packets.

Giuseppe Larosa Mon, 12/08/2008 - 12:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Joseph,

I've read the ACEF reference.

I agree this is an hybrid model of MLS with forwarding caching performed on capable modules.

I think this is the best approximation to distributed CEF that is available for a C6500 in Hybrid Mode.

It has two levels of caches: PFC3 has a complete CEF table populated by MSFC, the capable modules query it and cache the results: the first packet is processed in the main CEF table not by a route processor.

It says the first packet is sent to PFC3.



The HW components are:

Supervisor Engine 720 with the integrated 720 Gbps switch fabric


•Supported switching modules:


-48-port 10/100/1000BASE-TX (WS-X6748-GE-TX)


-24-port 1000BASEX (WS-X6724-SFP)


-48 port-1000BASEX (WS-X6748-SFP)


-4-port 10-Gigabit Ethernet (WS-X6704-10GE)


These are all modules that should support DFCs in Native IOS as they are in the newest series.

The purpose of this strategy is to leave the PFC3 free to help less powerful modules in the chassis.


Sorry for my previous post actually it is a little change on what you said.


Hope to help

Giuseppe


Joseph W. Doherty Mon, 12/08/2008 - 12:23
User Badges:
  • Super Bronze, 10000 points or more

Giuseppe, nothing for you to be sorry for. If my post wasn't clear in the point I was trying to make, the fault is mine.

Actions

This Discussion