CCIE: Cisco's fast forwarding mechanism, Cisco Express Forwarding (CEF)

Source: Internet
Author: User

Original: http://togogociscojava.blog.163.com/blog/static/12801732420098195191634? Fromdm & fromsearch & isfromsearchengine = Yes

CEF uses a forwarding table organized as a four-level structure with 256 entries per level to locate a forwarding entry. The forwarding table holds next-hop and related information, covers the entire IPv4 address range, and each entry carries a pointer into a second table, the adjacency table. Layer-2 forwarding data (such as MAC addresses) is stored in that separate adjacency table. Together the two tables contain all the forwarding information, which is built from the routing table and ARP.

CEF simplifies the lookup process and increases the amount of work done per unit of time. In addition, routing information and forwarding information are kept separate: packets are forwarded using only the forwarding information, not the routing information. Dedicated hardware can therefore be used to its full capacity to achieve line-rate forwarding that is not disturbed by route changes or other factors, which keeps forwarding fast and efficient.

CEF forwarding provides three tables:
1> FIB: forwarding information copied from the routing table, containing the minimum information from the routing table that is needed to forward packets.
2> Adjacency table: maintains a database of adjacent nodes and their associated layer-2 MAC rewrite or next-hop information.
3> NetFlow table: used to collect network data.

Note that CEF forwarding information is not held in a cache, so it neither expires nor needs a periodic refresh. It changes only when the routing table changes, so it is usually stable. The forwarding information is derived from the routing information after some processing. In other words, if no forwarding entry can be found for a packet, there is no point in consulting the routing table, because the route certainly does not exist there either. Such a packet is not discarded but handed to another forwarding path. The forwarding information is in effect the routing information transformed into a shape suited to hardware forwarding.

This layout separates the routing and switching functions (in software). The routing function handles only layer 3 and above, such as processing route information and policy; it builds the routing table and generates the corresponding forwarding information from it. The forwarding function is simple: it works from the forwarding information and refuses the packet when no matching information exists. This differs from MLS, which has to go back to the route processor for anything it does not know, and that reduces forwarding efficiency. CEF separates routing and switching in software, which does not require the router to be physically split into separate parts. It can therefore also be implemented on some multilayer switches and low-end routers.

Its high speed is manifested in the following two aspects:
1> the query method simplifies the process and increases the speed;
2> the routing and forwarding functions are separated.

Hardware platforms supporting CEF

Cisco first implemented CEF on its high-end router platforms; Catalyst switches later gained CEF forwarding as well. The implementations differ in some respects, but all of them provide the following features:
1. High-speed forwarding based on longest address match
2. Load balancing across equal-cost paths
3. Reverse path forwarding (RPF) check
4. Unknown routes are invalid.

Some CEF features are implemented only on routers:
1. The ability to disable CEF-based forwarding
2. CEF statistics per prefix and per prefix length
3. Load-sharing path statistics
4. Per-packet load balancing

When using CEF in a network, consider the following:
Minimum (recommended) memory for a platform that loads the current full Internet routing table:
- 128 MB on the central route processor
- 64 MB on each line card
CEF cannot run concurrently with VIP distributed fast switching on the same line card.

By default, when Cisco IOS software is switching a packet and encounters a feature or encapsulation type that CEF does not support, it falls back to another switching method (such as optimum switching, fast switching, or process switching).

Currently, CEF does not support the following features:
- Policy routing
- Network Address Translation (NAT)
- Access control lists on the routing switching module
- Multipoint PPP encapsulation
- SMDS
- Token Ring
- ATM
- ISL encapsulation

The following platforms support CEF:
Cisco 7000 series routers (requires the RSP7000)
Cisco 7200 series
Cisco 7500 series
Cisco 12000 series

The second-generation interface modules (VIP2-20, VIP2-40, VIP2-50) support CEF.

Hardware support for CEF differs between router platforms and depends on the route processor module and other hardware installed in the router. For example, on Cisco 12000 series routers all line cards support CEF switching. On Cisco 7500 series routers, CEF switching requires the RSP module and VIP line cards. Each interface card runs CEF on its own engine to forward packets, and each holds a copy of the FIB table. Each interface card switches packets independently, which reduces the load on the central route processor.

CEF operation

To understand CEF, you must first understand how the Supervisor processes traffic. The Cisco Supervisor 2 is structured as follows:

Baseboard:
Provides the switching fabric, the 32 Gbit/s bus, the multicast replication ASIC, the network management processor, and two GBIC-based interfaces. It also hosts the PFC2 and MSFC2 daughter cards.
PFC2:
Provides the set of ASICs used for all hardware-based forwarding. CEF is normally implemented on this card. It provides the layer-3 forwarding engine and holds the layer-3 tables, such as the FIB and the adjacency table. The PFC also provides ASICs for hardware-based access control lists and QoS.
MSFC2:
Provides a CPU that handles all layer-3 control plane activity. The control plane is the part of the hardware architecture that performs route computation. The MSFC2 handles the functions that the PFC2 hardware cannot, and processes all routing protocol activity, such as OSPF and BGP routing updates. The MSFC2 also builds the IP routing table, the FIB, and the adjacency table.

Of the three components, the Supervisor baseboard and the PFC2 are mandatory, while the MSFC2 is optional (although it is required for layer-2 switching) and contains the CPU used to build the CEF tables. The CPU on the MSFC2 daughter card runs all the instances needed by whichever routing protocols are configured. It also processes packets that the hardware cannot handle. The MSFC2 is a Cisco IOS-based router and is configured the same way; its configuration parameters are the same as those of the Cisco 7200 series routers. CEF is enabled by default on the Supervisor and in fact cannot be disabled.

For most common CEF functions, you do not need to configure CEF in particular, except for standard configurations such as the routing protocol and network interface address.

When the router initializes, it builds a routing table (from static routes, directly connected routes, and dynamically learned routes) based on the router's software configuration. Once the routing table exists, the CPU automatically creates the FIB and the adjacency table. The FIB and the adjacency table present the data in the routing table in the form best suited to forwarding.

Unlike flow caching, which is driven by traffic flows, the CEF tables are built from the network topology. When a packet enters the switch, the switch's layer-2 forwarding engine ASIC performs a longest-match lookup on the destination network with the most specific network mask. For example, the PFC2 does not switch on the IP address 172.31.10.3 itself; it looks up network 172.31.10.0/24 and switches the packet to the interface connected to that network. No software is involved beyond the routing table and the pre-built FIB. Moreover, as soon as the routing table changes, all CEF tables are updated immediately. This makes the method highly efficient, and there is no cache to be invalidated by route flapping. CEF adapts better to changes in network topology.

CEF table

1. CEF forwarding information base (FIB):
CEF uses the forwarding information base (FIB) to make switching decisions based on the IP destination prefix. Conceptually, the FIB is similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routes or the topology change in the network, the IP routing table is updated and the changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because FIB entries correspond one-to-one with routing table entries, the FIB contains all known routes, so no route cache has to be maintained; earlier switching methods (such as fast switching and optimum switching) must maintain a route cache.


The CEF FIB is organized as a 4-level tree. The four levels correspond to the four octets of an IP address: each level covers 8 of the 32 bits. CEF relies on a longest-match forwarding algorithm, meaning the tree is searched downwards until the longest match, the entry matching the greatest number of bits, is found. The top of the FIB tree holds the least specific addresses and the bottom the most specific. Each leaf falls on an 8-bit boundary, and more specific entries are listed further down. This tree (usually described as a 256-way branching tree) provides an efficient mechanism for fast lookups with minimal latency. It is also highly scalable, because it can cover all of IPv4 addressing with minimal performance overhead relative to table efficiency. Each leaf provides a pointer to the corresponding next-hop entry in the adjacency table.

2. Adjacency table:
Network nodes are adjacent if they can reach each other across the link layer in a single hop. In addition to the FIB, CEF uses the adjacency table to supply layer-2 addressing information. The adjacency table maintains the layer-2 next-hop addresses for all FIB entries.
Adjacency discovery: When the router discovers an adjacency, it is added to the adjacency table. Each time an adjacency entry is created (for example, through ARP), CEF precomputes a link-layer header for that adjacent node and stores it in the adjacency table. Once a route is determined, it points to a next hop and the corresponding adjacency entry. The precomputed header is then used to encapsulate packets during CEF switching.
Adjacency resolution: A routing table may contain several paths to a destination network, for example when a router is configured for both redundant paths and load balancing. For each resolved forwarding path, a pointer is added to the adjacency entry that corresponds to the next-hop address of that path. This mechanism is what makes load balancing across multiple paths possible.
Adjacency types that require special handling: In addition to the adjacency entries associated with next-hop addresses, some special adjacency types are used to speed up switching. When a prefix is defined, a prefix that needs special handling is cached with one of the following adjacencies.
Null adjacency: Packets destined for the Null0 interface are dropped. This can serve as an effective form of access filtering.
Glean adjacency: When a router is directly connected to several hosts, the FIB maintains a prefix for the subnet rather than a prefix for each host. The subnet prefix points to a glean adjacency. When a packet has to be forwarded to a specific host, the adjacency database is gleaned for that specific prefix.
Punt adjacency: When a feature requires special handling or is not supported by CEF, the router passes the packet to a higher-level switching method for processing.
Discard adjacency: Packets are discarded. This type of adjacency occurs only on Cisco 12000 series routers.
Drop adjacency: Packets are dropped, but the prefix is still valid.
Unresolved adjacency: When a link-layer header is prepended to a packet, the FIB requires that header to point to the next-hop address. If an adjacency was created in the FIB but its layer-2 addressing information has not been found, for example because it has not been learned through ARP, the adjacency is considered incomplete. The packet is handed to the route processor, and the adjacency is determined through ARP.
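
The four-level, 256-way tree and its leaf pointers into the adjacency table can be modelled as follows. This is an added Python example, not Cisco's implementation or code from the original article; the class names, interface names, MAC addresses and sample prefixes are constructed, and sending glean and unresolved traffic to the route processor as a "punt" is an assumption of the model.

```python
import ipaddress

class Adjacency:
    """Adjacency-table entry: a prebuilt L2 rewrite, or a special type."""
    def __init__(self, kind, out_if=None, dst_mac=None):
        self.kind, self.out_if, self.dst_mac = kind, out_if, dst_mac

class Node:
    """One tree level: 256 slots, each with an optional leaf and child."""
    def __init__(self):
        self.leaf = [None] * 256    # (prefix_len, Adjacency)
        self.child = [None] * 256   # Node indexed by the next octet

class Fib:
    def __init__(self):
        self.root = Node()

    def insert(self, prefix, adj):
        net = ipaddress.ip_network(prefix)
        octets, plen = net.network_address.packed, net.prefixlen
        level = (plen - 1) // 8 if plen else 0   # tree level owning the leaf
        node = self.root
        for b in octets[:level]:
            if node.child[b] is None:
                node.child[b] = Node()
            node = node.child[b]
        # Prefix ending mid-octet: expand over every slot it covers (/20 = 16).
        span = 1 << (8 * (level + 1) - plen)
        start = octets[level] & ~(span - 1) & 0xFF
        for b in range(start, start + span):
            if node.leaf[b] is None or node.leaf[b][0] <= plen:
                node.leaf[b] = (plen, adj)       # longest prefix wins

    def lookup(self, addr):
        """Longest match in at most four indexed reads, one per octet."""
        node, best = self.root, None
        for b in ipaddress.ip_address(addr).packed:
            if node.leaf[b] is not None:
                best = node.leaf[b]              # deeper level, longer prefix
            node = node.child[b]
            if node is None:
                break
        return best

def forward(fib, dst):
    hit = fib.lookup(dst)
    if hit is None:
        return ("no-route", None, None)
    adj = hit[1]
    if adj.kind == "rewrite":                    # cached L2 header is used
        return ("forward", adj.out_if, adj.dst_mac)
    if adj.kind in ("null", "drop", "discard"):
        return ("drop", adj.kind, None)
    return ("punt", adj.kind, None)              # glean, punt, unresolved

def sample_fib():
    """Constructed table; interface names and MAC addresses are made up."""
    fib = Fib()
    for prefix, kind, out_if, mac in [
        ("0.0.0.0/0",      "rewrite", "Gi0/0", "00:00:5e:00:53:01"),
        ("172.31.0.0/16",  "rewrite", "Gi0/1", "00:00:5e:00:53:02"),
        ("172.31.10.0/24", "rewrite", "Gi0/2", "00:00:5e:00:53:03"),
        ("172.31.16.0/20", "rewrite", "Gi0/3", "00:00:5e:00:53:04"),
        ("192.0.2.0/24",   "null",    "Null0", None),
        ("10.1.1.0/24",    "glean",   "Gi0/4", None),
        ("10.1.1.7/32",    "rewrite", "Gi0/4", "00:00:5e:00:53:07"),
    ]:
        fib.insert(prefix, Adjacency(kind, out_if, mac))
    return fib
```

A lookup for 172.31.10.3 stops at the /24 leaf on the third level, while 10.1.1.9 falls back from the missing host entry to the glean adjacency of its connected subnet.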

CEF forwarding process

Two CEF tables:


A layer-3 packet is looked up in TCAM. A longest-match lookup yields the adjacency information, and the original layer-2 frame is rewritten (with the next-hop MAC address) and forwarded.
The CEF table is derived from the routing table, and the adjacency table is resolved using ARP.

CEF multi-layer switching process:


The MAC-M on the left (MAC address) is Sw. The MAC-M on the right is Sw.
If the MAC address for the destination IP address is not in the adjacency table, SW uses ARP to resolve the destination's MAC address.

ARP throttling: while the destination MAC address is still unknown and ARP resolution is in progress, all packets sent to that destination host are dropped; this behaviour is ARP throttling.
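
The effect of ARP throttling on the route processor, as an added Python model (not Cisco code and not part of the original article). It assumes the first packet to an unresolved host is handed to the route processor so that ARP can start, and that an unanswered request eventually clears the throttle entry; the addresses and MAC are constructed.

```python
class ArpThrottle:
    """Forwarding-path state for hosts on a directly connected subnet."""
    def __init__(self):
        self.adj = {}       # destination IP -> "throttle" or resolved MAC
        self.punted = 0     # packets handed to the route processor
        self.dropped = 0    # packets dropped while ARP is outstanding

    def packet_in(self, dst):
        state = self.adj.get(dst)
        if state is None:
            # Unresolved adjacency: hand this packet to the route processor,
            # which sends the ARP request, and throttle what follows.
            self.adj[dst] = "throttle"
            self.punted += 1
            return "punt"
        if state == "throttle":
            self.dropped += 1
            return "drop"
        return "forward"    # adjacency complete: rewrite with the cached MAC

    def arp_reply(self, ip, mac):
        self.adj[ip] = mac

    def arp_timeout(self, ip):
        # Assumption: an unanswered request clears the entry so that a later
        # packet can trigger one new ARP attempt.
        if self.adj.get(ip) == "throttle":
            del self.adj[ip]

def burst(hosts, packets_per_host, answering=()):
    """Send a burst to each host; hosts in `answering` reply before packet 3."""
    sw = ArpThrottle()
    results = {}
    for h in hosts:
        actions = []
        for n in range(packets_per_host):
            if n == 3 and h in answering:
                sw.arp_reply(h, "00:00:5e:00:53:aa")   # constructed MAC
            actions.append(sw.packet_in(h))
        results[h] = actions
    return sw, results
```

With 254 destinations and 100 packets each, of which only one host answers, the route processor sees 254 packets rather than 25,400; the rest are dropped or forwarded in the forwarding path.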


The FIB supports up to six adjacency entries that reach the same destination.

CEF Mode

CEF has two modes of operation: centralized CEF mode and distributed CEF mode.
You can enable CEF in either mode, but only one mode can be used at a time.
Centralized CEF mode: When centralized CEF mode is enabled, the CEF FIB and adjacency table reside on the route processor, and the route processor performs the express forwarding. Use centralized CEF mode when line cards are not available for CEF switching or when the features you need are not compatible with distributed CEF switching.
Distributed CEF mode: When distributed CEF (dCEF) is enabled, the line cards (such as VIP line cards or GSR line cards) each maintain an identical copy of the FIB and adjacency table. The line cards perform express forwarding between port adapters, so the switching operation does not involve the RSP. dCEF uses an inter-process communication (IPC) mechanism to keep the FIB and adjacency table synchronized between the route processor and the line cards.

On Cisco 12000 series routers, the line cards are responsible for CEF switching. On other routers the line cards may not all be of the same type, so an interface card may not support CEF switching.

When a line card that does not support CEF switching receives a packet, it forwards the packet to a higher switching layer (such as the route processor) or to the next hop for processing. This mechanism allows old and new interface modules to coexist.

1. Cisco 12000 series Gigabit Switch Routers run only in dCEF mode.
2. Distributed CEF switching and distributed fast switching cannot both run on a VIP card.
3. Cisco 7200 series routers do not support distributed CEF switching.

When you configure centralized or distributed CEF, you can also configure the following features:
1> Access control lists with distributed CEF
2> Frame Relay packets with distributed CEF
3> Packet fragmentation with distributed CEF
4> Per-packet or per-destination load balancing
5> Network accounting, which collects packet and byte counts
6> Switching across tunnels with distributed CEF

CEF operation

CEF:
If your Cisco router has an interface processor that supports CEF, you can enable CEF.
To enable or disable CEF, use the following commands in global configuration mode.
Enable standard CEF mode: ip cef switch
Disable standard CEF mode: no ip cef switch

dCEF:
Enable dCEF when you want the line cards to perform express forwarding. This leaves the route processor free to handle routing protocols or to switch packets from legacy interface modules (modules that do not support CEF switching).
dCEF mode is enabled by default on Cisco 12000 series routers.
The command to enable dCEF (ip cef switch) is therefore meaningless on Cisco 12000 series routers, and dCEF mode is not shown in the configuration listing.
To enable or disable dCEF operation, use the following commands in global configuration mode.
Enable dCEF mode: ip cef distributed switch
Disable dCEF mode: no ip cef distributed switch

Sometimes a feature configured on an interface is not supported by CEF or dCEF, and you need to disable CEF or dCEF on that specific interface. For example, policy routing and CEF cannot be used together. You may want one interface to support policy routing while the other interfaces use CEF. In that case, enable CEF globally and disable it on the interface where policy routing is to be configured. Express forwarding is then active on every interface except that one.

To disable CEF or dCEF on an interface, use the following in interface configuration mode: no ip route-cache cef
To re-enable CEF later, use the following in interface configuration mode: ip route-cache cef

On Cisco 12000 series routers, you cannot disable dCEF mode on an interface.

CEF Load Balancing

Destination-based load balancing:
Destination-based load balancing lets the router use multiple paths to share the load. Packets for a given source/destination host pair always take the same path, even when several paths are available. Packets bound for different destinations may take different paths.
Destination-based load balancing is enabled by default when CEF is enabled, and it is the method used in most cases.
Because destination-based load balancing depends on the statistical distribution of traffic, it becomes more effective as the number of source/destination pairs increases.

Packet-based load balancing:
Before enabling packet-based load balancing, you must first disable destination-based load balancing. In interface configuration mode, use:
no ip load-sharing per-destination
With packet-based load balancing, the router sends successive packets over the available paths without regard to individual hosts or user sessions. It uses a round-robin method to decide which path each packet takes to the destination. Packet-based load balancing ensures that the load is balanced across multiple links.

To enable packet-based load balancing, use the following in interface configuration mode:
ip load-sharing per-packet
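
The difference between the two load-sharing modes, as an added Python model (not IOS code and not part of the original article). The BLAKE2 hash is a stand-in for whatever algorithm IOS uses, the function and class names are hypothetical, and the addresses are constructed; the universal ID is the value from the sample output on this page.

```python
import hashlib
from collections import Counter
from itertools import count

UNIVERSAL_ID = 0x9466A8C7   # value shown in the sample output on this page

def per_destination_path(src, dst, n_paths, uid=UNIVERSAL_ID):
    """The same source/destination pair always maps to the same path.
    The hash is a stand-in (BLAKE2), not the algorithm IOS uses."""
    key = f"{uid:08x}|{src}|{dst}".encode()
    digest = hashlib.blake2b(key, digest_size=4).digest()
    return int.from_bytes(digest, "big") % n_paths

class PerPacket:
    """Round-robin: successive packets rotate over the paths."""
    def __init__(self, n_paths):
        self.n_paths, self.counter = n_paths, count()

    def path(self, src, dst):
        return next(self.counter) % self.n_paths

def link_load(flows, packets_per_flow, n_paths, mode):
    """Packets carried per path for the given (src, dst) flows."""
    load = Counter({p: 0 for p in range(n_paths)})
    rr = PerPacket(n_paths)
    for src, dst in flows:
        for _ in range(packets_per_flow):
            if mode == "per-destination":
                load[per_destination_path(src, dst, n_paths)] += 1
            else:
                load[rr.path(src, dst)] += 1
    return dict(load)

def paths_used_by_flow(src, dst, packets, n_paths, mode):
    """Sequence of paths taken by consecutive packets of one flow."""
    rr = PerPacket(n_paths)
    if mode == "per-destination":
        return [per_destination_path(src, dst, n_paths) for _ in range(packets)]
    return [rr.path(src, dst) for _ in range(packets)]
```

A single source/destination pair loads only one link in per-destination mode, while per-packet mode spreads the same flow over every link, so its packets can arrive out of order.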

Configure network accounting for CEF

Enable collection of the number of packets and bytes express-forwarded to a destination:
ip cef accounting per-prefix
Enable collection of the number of packets express-forwarded through a destination:
ip cef accounting non-recursive
When network accounting is enabled for CEF in global configuration mode, the route processor collects the accounting information. When network accounting is enabled for dCEF, the line cards collect it.
View network accounting information: show ip cef

Configure switching across tunnels for CEF

CEF supports switching across tunnels, such as GRE tunnels. When CEF or dCEF mode is enabled, tunnel switching is enabled automatically, so no additional configuration is needed.

CEF Test

Cisco7505 # SH ip CEF detail
Ip cef with switching (Table Version 5), flags = 0x0
5 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 0
5 leaves, 8 nodes, 9080 bytes, 10 inserts, 5 invalidations
0 load sharing elements, 0 bytes, 0 references
Universal per-destination load sharing algorithm, Id 9466a8c7
3 (0) CEF resets, 0 revisions of existing leaves
Resolution Timer: exponential (currently 1 s, peak 1 s)
0 in-place/0 aborted modifications
Refcounts: 2311 leaf, 2304 Node
Table epoch: 0 (5 entries at this epoch)
0.0.0.0/0, version 0, epoch 0, attached, default route Handler
0 packets, 0 bytes
Via 0.0.0.0, 0 Dependencies
Valid no route adjacency
0.0.0.0/32, Version 1, epoch 0, receive
224.0.0.0/4, version 4, epoch 0
0 packets, 0 bytes
Via 0.0.0.0, 0 Dependencies
Next Hop 0.0.0.0
Valid drop adjacency
224.0.0.0/24, version 3, epoch 0, receive
255.255.255.255/32, Version 2, epoch 0, receive

Msfc2 # SH ip CEF Summary
Ip cef with switching (Table Version 477965)
445 routes, 0 reresolve, 0 unresolved (0 old, 9 new)
446 leaves, 76 nodes, 132560 bytes, 477966 inserts,
477520 invalidations
0 load sharing elements, 0 bytes, 0 references
1cef resets, 2 revisions of exsiting leaves
Refcounts: 15824 leaf, 15038 Node
Default 192.35.86.0/24

