MPLS Fundamentals: 4 – CEF

Process Switching

Process switching is the slowest of all switching methods. When switching a packet through the router, a Cisco IOS process copies the packet to the CPU memory and looks up the destination IP address in the IP routing table. Based on the outcome of this lookup, the process switches out the packet on a particular interface after it does some housekeeping on the IP header.

Fast Switching

The first packet for a destination that arrives is process switched. The switching of the first packet by the central CPU gives the CPU the opportunity to build a cache. This cache is called the IP fast switching route cache and is used by the interrupt code to switch subsequent packets for the same destination.

If a prefix changes in the routing table, the entry in the fast switching cache is invalidated, and the first packet for a destination has to be process-switched again to build the new entry in the route cache.

Each IP prefix entry in the route cache has an outgoing interface, next hop, and Layer 2 rewrite field. This Layer 2 rewrite (or MAC rewrite) is the information that the router needs to change in the Layer 2 frame header when the frame is rebuilt so that it can be sent on the outgoing interface.

The command to enable fast switching on the interface is ip route-cache.

show ip cache verbose

CEF Switching

If an IP packet has IP options trailing the IP header, the packet is process-switched. That is because the treatment of IP options is not straightforward and cannot be done easily in interrupt mode or in hardware and is thus handled by the central CPU.

The CEF table holds the essential information, taken from the routing table, to be able to make a forwarding decision for a received IP packet.

Layer 3 Lookup and Layer 2 Rewrite

Distributed CEF (DCEF)

An example of such a router is the 7200 series router. CEF in this platform can only use the central CPU and as such can forward traffic by the CPU or in interrupt mode. Other hardware, such as the 7500 or GSR 12000 series router, has distributed intelligence and CPUs. Therefore, the router can distribute the burden of forwarding traffic through CEF by using the distributed CPUs to forward traffic without interrupting the central CPU.

To enable distributed CEF on a router, configure the command ip cef distributed.

The generalized command to see the CEF table in hardware for any ASIC is show ip hardware-cef.

The router can also distribute the LFIB and load it into ASICs.

The command to see the LFIB in the ASIC is show tag-switching hardware-tag.

In CEF, the two main load balancing schemes are per-packet and per-destination. If you configure the per-packet load balancing scheme, all packets are load balanced round-robin, packet by packet, on the outgoing links. Per-packet load balancing is configured with the interface command ip load-sharing per-packet. You need to configure this command on all the outbound interfaces if you want to configure per-packet CEF load balancing.

The default CEF load balancing scheme is per-destination. This terminology is a bit misleading, though, because the CEF per-destination load balancing is done by hashing the destination and source IP address.

The per-packet load sharing scheme can send consecutive packets of the same flow (this means the same source/destination IP address pair) across different paths and hence might lead to a reordering problem of the IP packets at the destination. This can lead to problems for traffic such as VoIP because a performance hit or quality degradation can occur if the packets arrive out of sequence, as packets might be considered lost. In addition, it adds jitter.

show ip cef detail - internal

show ip cef exact-route

Unequal Cost Load Balancing in EIGRP

In short, the variance number allows all routes that have a metric that is smaller than that of the best route multiplied by the variance to be installed in the routing table.

One additional check is needed: The reported distance (metric of the route as reported by the EIGRP neighbor) of a route has to be smaller than the feasible distance (FD) in EIGRP for it to be eligible for installation in the routing table.
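The two checks above, applied together to a set of candidate paths. This is an added example, not code from the original post or from Cisco IOS; the Path class, installable_paths and the sample metrics are constructed for illustration, and it assumes the FD equals the best route's metric and that equal-cost paths are always kept.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    next_hop: str
    metric: int              # metric of the full path via this neighbor
    reported_distance: int   # metric of the route as reported by that neighbor

def installable_paths(paths, variance=1):
    """Return the paths for one prefix that pass both checks described above."""
    if not paths:
        return []
    best = min(paths, key=lambda p: p.metric)
    fd = best.metric         # assumption: FD equals the best route's metric
    chosen = []
    for p in paths:
        if p.metric == fd:
            chosen.append(p)     # best route and its equal-cost peers
            continue
        within_variance = p.metric < fd * variance
        feasible = p.reported_distance < fd
        if within_variance and feasible:
            chosen.append(p)
    return chosen

# Constructed sample: four neighbors advertising the same prefix.
PATHS = [
    Path("A", metric=20, reported_distance=10),   # best route, FD = 20
    Path("B", metric=30, reported_distance=10),   # passes both checks at variance 2
    Path("C", metric=45, reported_distance=25),   # fails both at variance 2
    Path("D", metric=35, reported_distance=22),   # within variance, RD too high
]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print(v, [p.next_hop for p in installable_paths(PATHS, v)])
```

Raising the variance never admits paths C or D here, because their reported distance is not smaller than the FD.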

The labels are top label to bottom label when read from left to right. In this case, 23 is the top label and 21 is the bottom label. This VPN prefix is an MPLS VPN prefix. Usually two labels are imposed on the ingress PE router for it.

show ip cef vrf

An LSR can add labels to an already labeled packet along the LSP, but the LSR performs that function according to the LFIB and not the CEF table. CEF labels only the packets that are initially on the ingress PE router; CEF labels only IP packets.

The load balancing is done only between labeled paths. This means that if an IP (unlabeled) and a labeled path have the same cost, only the labeled path is used to forward the packets.

The command to verify which path a labeled IPv4 packet will take in the case of per-destination load balancing is

show mpls forwarding-table labels label exact-path ipv4 source-address destination-address

Following are the general rules for load balancing labeled packets on a non-IPv6-capable Cisco IOS router:

  • If the MPLS payload is an IPv4 packet, the load balancing is done by hashing the source and destination IP address of the IPv4 header.
  • If the MPLS payload is not an IPv4 packet, the load balancing is done by looking at the value of the bottom label.

The algorithm for load balancing the MPLS packets becomes as follows:

  • If the MPLS payload is an IPv4 packet, the load balancing is done by hashing the source and destination IP address of the IPv4 header.
  • If the MPLS payload is an IPv6 packet, the load balancing is done by hashing the source and destination IP address of the IPv6 header.
  • If the MPLS payload is not an IPv4 or IPv6 packet, the load balancing is done by looking at the value of the bottom label.
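The three rules above as a small classifier over raw MPLS packets, which also shows the source/destination hashing used by per-destination load balancing. This is an added example, not code from the original post or from Cisco IOS: the function names and sample packets are constructed, CRC32 stands in for the router's real hash, and detecting the payload type from the first nibble after the label stack is an assumption.

```python
import struct
import zlib

def mpls_packet(labels, payload, ttl=64):
    """Build a constructed MPLS packet: label stack (top first) plus payload."""
    stack = b""
    for i, label in enumerate(labels):
        bottom = 0x100 if i == len(labels) - 1 else 0   # S bit on last entry
        stack += struct.pack("!I", (label << 12) | bottom | ttl)
    return stack + payload

def parse_label_stack(packet):
    """Return (labels, payload); labels are listed top to bottom."""
    labels, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("label stack ends without a bottom-of-stack bit")
        (entry,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        labels.append(entry >> 12)          # 20-bit label value
        if entry & 0x100:                   # bottom-of-stack (S) bit
            return labels, packet[offset:]

def load_balance_key(packet):
    """Pick the bytes to hash, following the three rules listed above."""
    labels, payload = parse_label_stack(packet)
    version = payload[0] >> 4 if payload else None   # assumed payload test
    if version == 4 and len(payload) >= 20:
        return "ipv4", payload[12:20]       # IPv4 source + destination
    if version == 6 and len(payload) >= 40:
        return "ipv6", payload[8:40]        # IPv6 source + destination
    return "bottom-label", struct.pack("!I", labels[-1])

def pick_path(packet, n_paths):
    """Map a packet to one of n_paths; CRC32 stands in for the router's hash."""
    kind, key = load_balance_key(packet)
    return kind, zlib.crc32(key) % n_paths

# Constructed samples: label stack 23 (top) / 21 (bottom), as in the text.
IPV4 = bytes([0x45]) + bytes(11) + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2])
NON_IP = bytes.fromhex("001122334455")      # starts like an Ethernet frame

if __name__ == "__main__":
    for name, payload in (("IPv4", IPV4), ("non-IP", NON_IP)):
        print(name, pick_path(mpls_packet([23, 21], payload), 2))
```

Because the key for an IP payload is only the address pair, every packet of one flow maps to the same path, which is what avoids the reordering seen with per-packet load sharing.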

You can disable and enable CEF on the interface by using the command ip route-cache cef. Toggling CEF on the interface can often indicate whether the problem is with CEF. If the problem lies with the Layer 2 rewrite of the packets, you can check the adjacency information with the show adjacency command or clear the adjacency with the clear adjacency command. The debug command debug ip cef drops [access-list] tells you if IP packets are dropped on the ingress PE router.

show ip cef switching statistics, which tells where packets possibly have been dropped and why.


Author: Mo Moghaddas
