CEF Switching

parians · ‎06-16-2009

Hi all, I was just after a bit more information about how exactly CEF works. For example, if CEF is set up correctly, and if you've got a MLS A (multi layer switch) connected to MLS B, will MLS A send packets to MLS B using CEF and then will MLS B forward the packets on to the next hop in CEF too?

Also, is it true that if a device is sending heavy loads of traffic, the MLS will revert back to Process Switching instead of CEF Switching?

Thanks for your time everyone.

francisco_1 · ‎06-16-2009

hey peter,

IOS makes switching decisions based on the configuration of the inbound interface first. If CEF is configured on an inbound interface, the packet will be CEF switched if cef is enable in the inbound interface regardless of the configuration on the outbound interface. By default if you are using IPv4, fast switching is enable. On IPv6 proces switching is enable by default.

If CEF is not enabled on the inbound interface, then IOS processes and forwards the packet, and based on the configuration of the outbound interface, subsequent packets will be fast-switched or process switched as mentioned above. below shows which switching method will be used based on configuration of inbound and outbound interfaces.

IOS switching determination is based on configuration of inbound and outbound interfaces.

Inbound Configuration Outbound Configuration SwitchingMethod Used

CEF Process CEF

CEF Fast CEF

Process CEF Fast (or process if IPv6)

Process Fast Fast

Fast CEF Fast (or process if IPv6)

Fast Process Process

IOS will switch a packet using CEF only if CEF is enabled on the inbound interface. If CEF is not configured on the inbound interface, the configuration of the exit interface determines the switching method. Notice that when process or fast-switching is configured inbound and CEF is configured on the outbound interface, fast-switching is used. CEF is only used if it is configured on the ingress interface. For IPv4, fast-switching is enabled outbound, even if CEF is enabled on the interface.

There are times when a packet will not be switched using CEF even if it is enabled (for example, if access-list logging is enabled and a packet will be logged). Packets will be punted down to the next fastest switching method. For IPv4, the next fastest switching method is fast-switching. For IPv6, this is process switching.

is it true that if a device is sending heavy loads of traffic, the MLS will revert back to Process Switching instead of CEF Switching?

i dont think so. by default CEF uses per destination forwarding and i dont think CEF can revert back unless you enable either process switching or fast...

Joseph W. Doherty · ‎06-16-2009

"For example, if CEF is set up correctly, and if you've got a MLS A (multi layer switch) connected to MLS B, will MLS A send packets to MLS B using CEF and then will MLS B forward the packets on to the next hop in CEF too?"

Each device, I believe, CEF usage is independent. So, how MLS A decides to forward will not influcence MLS B.

"Also, is it true that if a device is sending heavy loads of traffic, the MLS will revert back to Process Switching instead of CEF Switching? "

Not that I'm aware of.

PS:

BTW, CEF isn't limited to MLS, it works on routers too.

If you would like to read more information about CEF, you might start here: http://www.cisco.com/en/US/tech/tk827/tk831/tk102/tsd_technology_support_sub-protocol_home.html

voiper_99 · ‎06-17-2009

Hi all, I'm curious to know, why is CEF applied to the inbound interface but other switching methods are applied to the outbound interface?

In regards to CEF reverting back to a lower switching method, I think it may be true. See here - http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

"Interrupt switching is disabled on an interface (or interfaces) that has (have) a lot of traffic."

Joseph W. Doherty · ‎06-17-2009

"Hi all, I'm curious to know, why is CEF applied to the inbound interface but other switching methods are applied to the outbound interface? "

Not certain, but it might have much to due with the approach undertaken by the CEF vs. other methods. CEF is tied to routes, other methods are tied to a cache. So, perhaps, with CEF the decision can be tied immediately to ingress, but with caching method, it needs to "see" packet egress.

Regarding your Cisco reference quote, its following text describes, I think, the CPU impact of much traffic that is being process switched; not that lots of interface traffic disables interrupt switching.

bbaillie · ‎06-18-2009

This explanation is actually simpler than the actual technology but here it is.

With CEF two items are in play, the Forwarding Information Base (FIB) and the Adjacency table. The FIB is based on destination IP addresses with a longest host mask match, usually %ip address% and mask 255.255.255.255. This means an IP packet coming in can be recognized and switched by its destination IP address hence ingress port usage for reading the destination IP address.

The adjacency table contains the destination or next hop mac address for the destination IP addresses (accomplished from gleaning IP and MAC information from ARPS the switch sees) and the ports where the MACs were seen from the ARPS.

Put both together and an ASIC can be programmed to fast switch the packet based on the destination IP address and rewrite the destination MAC address before sending it out the correct destination port. basicalyy layer three switching based on destination IP address.

Well maybe not that simple.

Basically there is no requirement to revert to process switching in a high load condition, bu ta very good reason to continue using the ASIC/CEF method in high load conditions.

MLS switches can exchange some switching/CEF information if they are in the same MLS domain as one another, not all MLS switches will do this with one another.

Cheers,

Brian