Cisco CEF

CEF (Cisco Express Forwarding)
offers high-performance packet forwarding through the use of dynamic lookup tables.
CEF runs by default, taking advantage of specialized forwarding hardware.
ps:
The following platforms all perform CEF in hardware:
Catalyst 6500 Supervisor 720 (with an integrated MSFC3)
Catalyst 6500 Supervisor 2/MSFC2 combination
Catalyst 4500 Supervisor III, IV, V, and 6-E
Fixed-configuration switches, ex: Catalyst 3750, 3560, 3550, and 295
ps:
Traditional MLS (NetFlow switching / route cache switching)
The SE (switch engine) must know the identity of each RP (route processor).
The SE then listens in on the first packet of a flow going to the router and on the first packet coming back from the router.
If the SE can switch the packet in both directions,
it learns a “shortcut path” so that subsequent packets of the same flow can be switched directly to the destination port without passing through the RP.
ps:
Traditionally, NetFlow switching was performed on Cisco hardware.
Basically, the hardware consisted of an independent RP component and a NetFlow-capable SE component.

ps:
CEF also can be optimized through the use of specialized forwarding hardware:
aCEF (Accelerated CEF)
CEF is distributed across multiple Layer 3 forwarding engines, typically located on Catalyst 6500 line cards.
These engines do not have the capacity to store and use the entire FIB, so only a portion of the FIB is downloaded to them at any time.
This portion functions as an FIB “cache,” containing entries that are likely to be used again.
dCEF (Distributed CEF)
CEF can be distributed completely among multiple Layer 3 forwarding engines for even greater performance.
Because the FIB is self-contained for complete Layer 3 forwarding, it can be replicated across any number of independent Layer 3 forwarding engines.

Disable CEF
on the Catalyst 3750:
(config-if)# no ip route-cache cef
on the Catalyst 4500:
(config-if)# no ip cef
ps:
CEF is enabled on all CEF-capable Catalyst switches by default

……………………………………

A CEF-based multilayer switch consists of two basic functional blocks:
Layer 3 engine: builds the routing information
Layer 3 forwarding engine: switches packets in hardware using the information produced by the Layer 3 engine
ps:
CEF operation depends on the correct routing information being generated and downloaded to the Layer 3 forwarding engine hardware. This information is contained in the FIB and is maintained dynamically.

The Layer 3 engine (essentially a router)
1. maintains routing information (from static routes or dynamic routing protocols)
2. reformats the routing table into the FIB

Layer 3 forwarding engine
1. After the FIB is built, packets can be forwarded by the Layer 3 forwarding engine.
2. This follows the hardware switching process, in which no expensive or time-consuming operations are needed.
3. Packet processing inside the Layer 3 forwarding engine:
ingress packet -> (FIB -> adjacency table -> rewrite engine) -> egress packet


…………………………………………………………………………………………………………
…………………………………………………………………………………………………………

FIB (Forwarding Information Base):
1. an ordered list, with the most specific route first, of every IP destination subnet in the table
2. contains the routing or forwarding information that each network prefix references
ex:
a route to 10.1.0.0/16 might be contained in the FIB along with routes to 10.1.1.0/24 and 10.1.1.128/25, if those exist.
Notice that these examples are increasingly more specific subnets, as designated by the longer subnet masks.
3. When the switch receives a packet, it can easily examine the destination address and find the “longest-match” route entry in the FIB.
ps:
The FIB fields include the following:
 IP Address
 Next-Hop IP Addr
 Next-Hop MAC Addr
 Egress Port
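The longest-match lookup described above, as an added Python example (not code from the original notes, and not Cisco's implementation): the FIB keeps its rows ordered most-specific-first, so the first prefix that contains the destination is the longest match, and a destination with no entry is reported as a punt. The prefixes 10.1.0.0/16, 10.1.1.0/24 and 10.1.1.128/25 are the ones from the notes; the next-hop IPs, MACs, egress ports and the 192.168.199.1/32 "receive" row are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FibEntry:
    """One FIB row with the fields the notes list: prefix, next-hop IP, next-hop MAC, egress port."""
    prefix: ipaddress.IPv4Network
    next_hop: str                  # next-hop IP, or the special "attached" / "receive" values shown by show ip cef
    next_hop_mac: Optional[str]    # filled in from the adjacency table (constructed values below)
    egress_port: Optional[str]


class Fib:
    """Ordered FIB: most specific prefix (longest mask) first, so the first hit is the longest match."""

    def __init__(self) -> None:
        self.entries: List[FibEntry] = []

    def add(self, prefix: str, next_hop: str, next_hop_mac: Optional[str] = None,
            egress_port: Optional[str] = None) -> None:
        self.entries.append(FibEntry(ipaddress.IPv4Network(prefix), next_hop, next_hop_mac, egress_port))
        # keep the longest mask first; the sort is stable so equal-length prefixes keep insertion order
        self.entries.sort(key=lambda e: e.prefix.prefixlen, reverse=True)

    def prefixes(self) -> List[str]:
        """The table in lookup order, mirroring the most-specific-first list in the notes."""
        return [str(e.prefix) for e in self.entries]

    def lookup(self, dst: str) -> Optional[FibEntry]:
        """Longest-match lookup: walk the ordered list and stop at the first containing prefix."""
        addr = ipaddress.IPv4Address(dst)
        for entry in self.entries:
            if addr in entry.prefix:
                return entry
        return None


def forwarding_decision(fib: Fib, dst: str) -> str:
    """Hardware switch on a hit; a missing entry or a 'receive' entry goes to the Layer 3 engine."""
    entry = fib.lookup(dst)
    if entry is None:
        return "punt: no FIB entry"
    if entry.next_hop == "receive":
        return "punt: receive (destined to the Layer 3 engine)"
    return f"hardware: {entry.prefix} via {entry.next_hop} on {entry.egress_port}"


def sample_fib() -> Fib:
    """Constructed FIB using the three prefixes from the notes plus a 'receive' host route."""
    fib = Fib()
    fib.add("10.1.0.0/16", "192.168.1.2", "00:0a:5e:45:b1:45", "Vlan99")
    fib.add("10.1.1.0/24", "192.168.1.3", "00:0c:f1:c9:09:a0", "Vlan99")
    fib.add("10.1.1.128/25", "192.168.1.4", "00:0c:f1:c9:09:a1", "Vlan99")
    fib.add("192.168.199.1/32", "receive")
    return fib


if __name__ == "__main__":
    fib = sample_fib()
    print("FIB order:", fib.prefixes())
    for dst in ("10.1.1.200", "10.1.1.5", "10.1.7.9", "192.168.199.1", "172.16.0.1"):
        print(f"{dst:>15} -> {forwarding_decision(fib, dst)}")
```

Note that 10.1.1.200 resolves to 10.1.1.128/25 even though it also lies inside 10.1.1.0/24 and 10.1.0.0/16: the ordering, not the insertion sequence, decides which entry wins.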

FIB is dynamic
the FIB must reflect the same change if:
1. a next-hop address is changed
2. a next-hop address is aged out of the ARP table
ps:
Interaction between the routing table and the FIB
1. Any time the routing table receives a change to a route prefix or the next-hop address, the FIB receives the same change
2. When the Layer 3 engine sees a change in the routing topology, it sends an update to the FIB

CEF punt
if a packet cannot be switched in hardware according to the FIB
Packets then:
 1 are marked as “CEF punt”
 2 immediately are sent to the Layer 3 engine for further processing

The following conditions cause a packet to be marked “CEF punt”:
An entry cannot be located in the FIB.
The FIB table is full.
The IP TTL has expired.
The MTU is exceeded, and the packet must be fragmented.
An ICMP redirect is involved.
The encapsulation type is not supported.
Packets are tunneled, requiring a compression or encryption operation.
An access list with the log option is triggered.
A NAT operation must be performed (except on the Catalyst 6500 Supervisor 720, which can handle NAT in hardware).


Display the FIB table
Switch# show ip cef [option] [detail]
The two commonly used options are:
[interface | vlan <vlan-id>]
shows the entries related to a specific interface or VLAN
[prefix-ip prefix-mask] [longer-prefixes]
shows entries by specifying an IP prefix address and mask;
only an exact match of the IP prefix and mask is displayed, if it exists in the CEF table (add longer-prefixes to include the more specific entries as well)

ps:
Example: Switch# show ip cef; the output looks roughly as follows
Prefix              Next Hop        Interface
0.0.0.0/32          receive
192.168.199.0/24    attached        Vlan1
192.168.199.0/32    receive
192.168.199.1/32    receive
192.168.199.2/32    192.168.199.2   Vlan1
192.168.199.255/32  receive
Explanation:
Next Hop = ”receive”: packets will be sent to the Layer 3 engine for further processing.
Next Hop = ”attached”: the prefix is connected directly to an SVI or VLAN.
Next Hop = an IP address: denotes that an adjacency is available for that next hop.
0.0.0.0/32: An FIB entry has been reserved for the default route. No next hop is defined.
192.168.199.0/24: The subnet assigned to the VLAN 1 interface is given its own entry.
192.168.199.0/32: An FIB entry has been reserved.
192.168.199.1/32: An entry has been reserved.
192.168.199.2/32: This is an entry for a neighboring multilayer switch, found on the VLAN 1 interface.
192.168.199.255/32: The route processor (Layer 3 engine) handles all directed broadcasts.

ps:
Example: Switch# show ip cef vlan 101; the output looks roughly as follows
Prefix       Next Hop   Interface
10.1.1.0/24  attached   Vlan101
10.1.1.2/32  10.1.1.2   Vlan101
10.1.1.3/32  10.1.1.3   Vlan101
ps:
Example: Switch# show ip cef vlan 1003; the output looks roughly as follows
Prefix         Next Hop     Interface
0.0.0.0/0      172.20.52.1  FastEthernet3/3
0.0.0.0/32     receive
10.7.0.0/16    172.20.52.1  FastEthernet3/3
10.16.18.0/23  172.20.52.1  FastEthernet3/3
ps:
Example: Switch# show ip cef vlan 1003 detail; the output looks roughly as follows
IP Distributed CEF with switching (Table Version 2364), flags=0x0
1383 routes, 0 reresolve, 0 unresolved (0 old, 0 new)
1383 leaves, 201 nodes, 380532 bytes, 2372 inserts, 989 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 9B6C9823
3 CEF resets, 0 revisions of existing leaves
refcounts: 54276 leaf, 51712 node
Adjacency Table has 5 adjacencies


ps:
Example: Switch# show ip cef 10.1.0.0 255.255.0.0 longer-prefixes; the output looks roughly as follows
Prefix         Next Hop     Interface
10.1.1.0/24    attached     Vlan101
10.1.1.2/32    10.1.1.2     Vlan101
10.1.1.3/32    10.1.1.3     Vlan101
10.1.2.0/24    attached     Vlan102
10.1.3.0/26    192.168.1.2  Vlan99
               192.168.1.3  Vlan99
10.1.3.64/26   192.168.1.2  Vlan99
               192.168.1.3  Vlan99
10.1.3.128/26  192.168.1.4  Vlan99
               192.168.1.3  Vlan99

ps:
Example: Switch# show ip cef 192.168.5.0 detail; the output looks roughly as follows
192.168.5.0/24, version 21, cached adjacency to POS7/2
0 packets, 0 bytes, traffic_index 4
via 10.14.1.1, 0 dependencies, recursive
next hop 10.14.1.1, POS7/2 via 10.14.1.0/30
valid cached adjacency
Explanation:
There is a valid CEF entry for the destination network 192.168.5.0.
Packets can be CEF-switched to the destination host.

ps:
Example: Switch# show ip cef 10.1.3.0 255.255.255.192 detail; the output looks roughly as follows
10.1.3.0/26, version 270, epoch 0, per-destination sharing 0 packets, 0 bytes
via 192.168.1.2, Vlan99, 0 dependencies
 traffic share 1
 next hop 192.168.1.2, Vlan99
 valid adjacency
via 192.168.1.3, Vlan99, 0 dependencies
 traffic share 1
 next hop 192.168.1.3, Vlan99
 valid adjacency
0 packets, 0 bytes switched through the prefix
tmstats: external 0 packets, 0 bytes internal 0 packets, 0 bytes
Explanation:
1. version: the number of times the CEF entry has been updated since the table was generated
2. epoch: the number of times the CEF table has been flushed and regenerated as a whole
3. The 10.1.3.0/26 subnet has two next-hop router addresses (192.168.1.2 and 192.168.1.3), so the local switch is using per-destination load sharing between the two routers.


…………………………………………………………………………………………………………….

Adjacency table
1. This is a portion of the FIB
ps: To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry
2. The adjacency table is built from the ARP table;
it consists of the MAC addresses of nodes that can be reached in a single Layer 2 hop
ps: As a next-hop address receives a valid ARP entry, the adjacency table is updated

CEF glean state
1. If an ARP entry does not exist, the FIB entry is marked as “CEF glean”
This means that the Layer 3 forwarding engine can’t forward the packet in hardware because of the missing Layer 2 next-hop address
2. After being marked “CEF glean”:
The packet is sent to the “Layer 3 engine” so that it can generate an ARP request and receive an ARP reply, gleaning the next-hop destination’s MAC address.

ARP throttling / throttling adjacency
1. During the time that an FIB entry is in the CEF glean state waiting for the ARP resolution,
subsequent packets to that host are immediately dropped so that the “input queues” do not fill and the “Layer 3 engine” does not become too busy handling duplicate ARP requests
2. If
an ARP reply is not received within 2 seconds:
the throttling is released so that another ARP request can be triggered.
an ARP reply is received:
the throttling is released, the FIB entry can be completed, and packets can be forwarded completely in hardware
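The glean and ARP-throttling behaviour from the two sections above, as an added Python simulation (not code from the original notes, and not how the Catalyst hardware implements it). It models one next hop whose adjacency is incomplete: the first packet is gleaned (punted so the Layer 3 engine can send an ARP request), packets arriving inside the 2-second throttle window are dropped, a packet arriving after the window triggers a fresh ARP request, and once a reply arrives everything is switched in hardware. The next-hop IP 10.1.1.2 is taken from the notes; the MAC address and the timestamps are constructed, and the clock is passed in explicitly so the sequence is reproducible.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ARP_THROTTLE_SECONDS = 2.0   # the 2-second window described in the notes


@dataclass
class NextHop:
    ip: str
    mac: Optional[str] = None               # adjacency is complete once the MAC is known
    throttled_since: Optional[float] = None  # time of the outstanding ARP request, if any


class GleanSimulator:
    """Forwarding decision for packets whose next hop may lack a Layer 2 address."""

    def __init__(self) -> None:
        self.next_hops: Dict[str, NextHop] = {}
        self.arp_requests: List[float] = []   # timestamps of ARP requests the Layer 3 engine sent

    def add_next_hop(self, ip: str, mac: Optional[str] = None) -> None:
        self.next_hops[ip] = NextHop(ip, mac)

    def forward(self, next_hop_ip: str, now: float) -> str:
        """Returns 'hardware', 'glean' (punted, ARP request sent) or 'drop' (throttled)."""
        nh = self.next_hops[next_hop_ip]
        if nh.mac is not None:
            return "hardware"                 # valid adjacency: rewrite and forward in hardware
        if nh.throttled_since is not None and now - nh.throttled_since < ARP_THROTTLE_SECONDS:
            return "drop"                     # ARP still pending: drop instead of queuing
        nh.throttled_since = now              # (re)enter glean state and send one ARP request
        self.arp_requests.append(now)
        return "glean"

    def arp_reply(self, ip: str, mac: str) -> None:
        """ARP reply received: complete the adjacency and release the throttle."""
        nh = self.next_hops[ip]
        nh.mac = mac
        nh.throttled_since = None

    def arp_age_out(self, ip: str) -> None:
        """ARP entry aged out: the adjacency goes back to glean on the next packet."""
        self.next_hops[ip].mac = None

    def glean_entries(self) -> List[str]:
        """Next hops currently waiting for ARP, like 'show ip cef adjacency glean'."""
        return [ip for ip, nh in self.next_hops.items() if nh.mac is None and nh.throttled_since is not None]


def run_scenario() -> Tuple[List[Tuple[float, str]], int]:
    """Constructed timeline: packets at t=0, 0.5, 1.9, 2.5, then an ARP reply, then a packet at t=3."""
    sim = GleanSimulator()
    sim.add_next_hop("10.1.1.2")
    timeline = [(t, sim.forward("10.1.1.2", t)) for t in (0.0, 0.5, 1.9)]
    timeline.append((2.5, sim.forward("10.1.1.2", 2.5)))   # window expired: a second ARP request
    sim.arp_reply("10.1.1.2", "00:0a:5e:45:b1:45")         # constructed MAC
    timeline.append((3.0, sim.forward("10.1.1.2", 3.0)))
    return timeline, len(sim.arp_requests)


if __name__ == "__main__":
    events, requests = run_scenario()
    for t, decision in events:
        print(f"t={t:.1f}s  {decision}")
    print(f"ARP requests sent: {requests}")
```

The point of the throttle is visible in the counts: five packets arrive while the adjacency is incomplete, yet the Layer 3 engine sends only two ARP requests, and no packet is queued while waiting.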

Display the glean state
Switch# show ip cef adjacency glean
The output looks roughly as follows
Prefix       Next Hop   Interface
10.1.1.2/32  attached   Vlan101
127.0.0.0/8  attached   EOBC0/0
[output omitted]
Explanation: 10.1.1.2 entered the glean state because its ARP entry aged out
ps:
Switch# show ip cef 10.1.1.2 255.255.255.255 detail
10.1.1.2/32, version 688, epoch 0, attached, connected
0 packets, 0 bytes
 via Vlan101, 0 dependencies
  valid glean adjacency
Explanation: 10.1.1.2 entered the glean state because its ARP entry aged out;
running show ip arp 10.1.1.2 returns nothing, because the ARP entry for 10.1.1.2 has aged out


The adjacency table also can contain other types of entries so that packets can be handled efficiently; the types are as follows


Null adjacency
represents a logical interface that silently absorbs packets without actually forwarding them.


Discard adjacency
used when packets must be discarded because of an access list or other policy action.

Drop adjacency
used to switch packets that can’t be forwarded normally
ex:
an encapsulation failure, an unresolved address, an unsupported protocol, no valid route present, no valid adjacency, or a checksum error

Gauge drop adjacency
# show cef drop
ps: the output looks roughly as follows
CEF Drop Statistics
Slot  Encap_fail  Unresolved  Unsupported  No_route  No_adj  ChkSum_Err
RP    8799327     1           45827        5089667   32      0

Punt adjacency
used when packets must be sent to the Layer 3 engine for further processing
the various punt adjacency reasons are as follows
 No_adj: An incomplete adjacency
 No_encap: An incomplete ARP resolution
 Unsupp’ted: Unsupported packet features
 Redirect: ICMP redirect
 Receive: Layer 3 engine interfaces;
   includes packets destined for IP addresses that are assigned to interfaces on the:
    Layer 3 engine,
    IP network addresses,
    IP broadcast addresses
 Options: IP options present
 Access: Access list evaluation failure
 Frag: Fragmentation failure

Gauge punt adjacency
# show cef not-cef-switched
gauges the CEF punt activity by looking at the various punt adjacency reasons
ps:
the output looks roughly as follows
CEF Packets passed on to next switching layer
Slot  No_adj   No_encap  Unsupp’ted  Redirect  Receive   Options  Access  Frag
RP    3579706  0         0           0         41258564  0        0       0

Display the adjacency table
Switch# show adjacency [interface | vlan <vlan-id>] [summary | detail]
ps:
Example: Switch# show adjacency summary; the output looks roughly as follows
Adjacency Table has 106 adjacencies
Table epoch: 0 (106 entries at this epoch)
Interface  Adjacency Count
Vlan99     21
Vlan101    3
Vlan102    1
Vlan103    47
Vlan104    7
Vlan105    27
Explanation:
displays the total number of adjacencies known on each physical or VLAN interface
Adjacencies are kept for 1) each next-hop router and 2) each host that is connected directly to the local switch
ps:
Example: Switch# show adjacency vlan 99 detail; the output looks roughly as follows
Protocol Interface Address
IP Vlan99 192.168.1.2(5) //indicates that there is an adjacency for the next-hop IP (192.168.1.2)
 0 packets, 0 bytes
 000A5E45B145000E387D51000800 //The destination MAC (000A5E45B145) is the MAC in the ARP table
 ARP 01:52:50
 Epoch: 0
IP Vlan99 192.168.1.3(5)
 1 packets, 104 bytes
 000CF1C909A0000E387D51000800
 ARP 04:02:11
 Epoch: 0
[output omitted]
Explanation:
the format of the long string of hex digits:
 1. destination MAC address: the first six octets, ex: 000A5E45B145
 2. MAC address of the Layer 3 engine’s interface (the source MAC): the next six octets, ex: 000E387D5100
 3. the EtherType value: the last two octets, ex: 0800
ARP: shows the adjacency with the age of its ARP entry
0 packets, 0 bytes: the counters are almost always 0
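A parser for the output format explained above, as an added Python example (not code from the original notes, and not a Cisco tool). It splits the 28-hex-digit rewrite string into destination MAC, source MAC and EtherType exactly as the three-part breakdown describes, and walks a `show adjacency ... detail` listing into records. The sample text is constructed to mirror the excerpt in the notes (same two adjacencies, same hex strings); the `mismatched_source_macs` check, which flags any adjacency whose rewrite source MAC is not the expected Layer 3 engine interface MAC, is an added sanity check and not something the notes describe.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample mirroring the 'show adjacency vlan 99 detail' excerpt in these notes
SAMPLE_OUTPUT = """\
Protocol Interface Address
IP Vlan99 192.168.1.2(5)
 0 packets, 0 bytes
 000A5E45B145000E387D51000800
 ARP 01:52:50
 Epoch: 0
IP Vlan99 192.168.1.3(5)
 1 packets, 104 bytes
 000CF1C909A0000E387D51000800
 ARP 04:02:11
 Epoch: 0
"""


@dataclass
class Adjacency:
    interface: str
    address: str                       # next-hop IP
    refcount: int                      # the number in parentheses after the address
    packets: int = 0
    byte_count: int = 0
    dst_mac: Optional[str] = None      # next hop's MAC, taken from the ARP table
    src_mac: Optional[str] = None      # Layer 3 engine interface MAC
    ethertype: Optional[int] = None
    arp_age: Optional[str] = None
    epoch: Optional[int] = None


def fmt_mac(hex12: str) -> str:
    """'000A5E45B145' -> '00:0a:5e:45:b1:45'."""
    return ":".join(hex12[i:i + 2] for i in range(0, 12, 2)).lower()


def parse_rewrite_string(s: str) -> Tuple[str, str, int]:
    """Split the 28-hex-digit rewrite string into (dst MAC, src MAC, EtherType): 6 + 6 + 2 octets."""
    s = s.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{28}", s):
        raise ValueError(f"expected 28 hex digits (6+6+2 octets), got {s!r}")
    return fmt_mac(s[0:12]), fmt_mac(s[12:24]), int(s[24:28], 16)


HEADER_RE = re.compile(r"^IP\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\((\d+)\)")
COUNTER_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
REWRITE_RE = re.compile(r"^\s*([0-9A-Fa-f]{28})\s*$")
ARP_RE = re.compile(r"^\s*ARP\s+(\d\d:\d\d:\d\d)")
EPOCH_RE = re.compile(r"^\s*Epoch:\s*(\d+)")


def parse_show_adjacency_detail(text: str) -> List[Adjacency]:
    """Each 'IP <interface> <address>(<refcount>)' line starts a record; indented lines fill it in."""
    adjacencies: List[Adjacency] = []
    current: Optional[Adjacency] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Adjacency(m.group(1), m.group(2), int(m.group(3)))
            adjacencies.append(current)
            continue
        if current is None:
            continue                       # column header or unrelated text before the first record
        if (m := COUNTER_RE.match(line)):
            current.packets, current.byte_count = int(m.group(1)), int(m.group(2))
        elif (m := REWRITE_RE.match(line)):
            current.dst_mac, current.src_mac, current.ethertype = parse_rewrite_string(m.group(1))
        elif (m := ARP_RE.match(line)):
            current.arp_age = m.group(1)
        elif (m := EPOCH_RE.match(line)):
            current.epoch = int(m.group(1))
    return adjacencies


def mismatched_source_macs(adjacencies: List[Adjacency], engine_mac: str) -> List[str]:
    """Added check: next hops whose rewrite source MAC is not the expected Layer 3 engine MAC."""
    return [a.address for a in adjacencies if a.src_mac and a.src_mac != engine_mac.lower()]


if __name__ == "__main__":
    for adj in parse_show_adjacency_detail(SAMPLE_OUTPUT):
        print(f"{adj.interface} {adj.address}: dst={adj.dst_mac} src={adj.src_mac} "
              f"type=0x{adj.ethertype:04x} arp_age={adj.arp_age} pkts={adj.packets}")
```

Both sample adjacencies carry the same source MAC (00:0e:38:7d:51:00), which is what the notes predict: every rewrite on Vlan99 sources from the same Layer 3 engine interface, and only the destination MAC differs per next hop.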

……………………………………………………………………………………………………………..

Packet rewrite engine
When a multilayer switch finds valid entries in the FIB and adjacency tables, a packet is almost ready to be forwarded.
One step remains: the packet header information must be rewritten.
ps:
The switch has an additional functional block that performs the packet rewrite in real time.
ps:
A multilayer switch can do this very efficiently with dedicated packet-rewrite hardware and the address information obtained from the table lookups.

The packet rewrite engine makes the following changes to the packet just before forwarding:
Layer 2 destination address: changed to the next-hop device’s MAC address
Layer 2 source address: changed to the outbound Layer 3 switch interface’s MAC address
Layer 3 IP TTL: decremented by one, because one router hop has just occurred
Layer 3 IP checksum: recalculated to include the changes to the IP header
Layer 2 frame checksum: recalculated to include the changes to the Layer 2 and Layer 3 headers
ps:
A traditional router normally would make the same changes to each packet.
The multilayer switch must act as if a traditional router were being used, making identical changes.

…………………………………………………………………………………………………………..