In studying for my CCNP BCMSN I started reading more on CEF. While I had a overview understanding of this I am now looking more in depth for my exam....Now to my question. I ran the show ip cef switching statistics command to just check what it looked like on our core switch and I found some things I have questions on so I am hoping someone can help as I may have an issue....or not. I ran the command back to back 3 times and I see the counters on Punts, Drops, and Punt2Host are incrementing, is this something that could be normal or is it something I should look further into? Attached is the output.
Also can someone explain what each of these are just so I am clear...I think I know but I am not an expert.
RP LES Packet destined for us
RP LES No adjacency
RP LES TTL expired
RP LES IP redirects
RP LES Unclassified reason
RP LES Neighbor resolution req
Thanks for your help,
punt packets are packets sent to the main CPU for processing
drops are packets that should be sent to the main CPU, but they aren't sent in an attempt to protect the cpu from unnecessary load.
Let's make an example: suppose packets are received for a destination address that is in a connected vlan but for which no valid ARP entry exists.
Le't ssuppose it is an UDP flow: multiple packets can be sent before the ARP process completes.
First packet triggers the ARP request process if other packets arrive in a short time there is no use on sending them to the CPU, because the end result is the same a trigger for the ARP request for the same specific IP address.
So these packets can be put on some buffer waiting for the ARP process to completes.
The buffer has finite size so over time some packets have to be dropped.
To understand if these numbers are low you should compare them with total traffic statistics on the switch if they are a small percentage of total traffic you are in a normal condition.
Hope to help
RP = route processor, LES I don't know however these are packet categories that are not processed by CEF but punted to main cpu
let's go on:
Packet destined for us: a packet for a RP ip address for example a routing protocol message or an STP BPDU or a CDP or VTP message
No adjacency: the CEF entry is not present or totally built so the packet is sent to the RP for example in order to perform an ARP request for a PC in a connected vlan.
TTL expired: sent to RP in order to build an ICMP unreachable to sent to source of expired packet
IP redirects: again an ICMP message that has to be processed by RP in order to modify a CEF entry because a better next-hop exists for the destination
Neigh resol request: a request for an ARP request to resolve a next-hop address typically of another networking device, probably used as next-hop in a static route
unclassified: all other possible reasons
Hope to help