Understanding CEF

What is CEF?

Definition from Cisco.com :

Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions.

To understand this better, one has to understand why and how CEF came about.  With Cisco IOS  there are different Switching Methods, that define how packets are forwarded through a router. The first method, which happens to be the oldest and slowest is Process-Switching. Alternatively when  packets arrive, the interface processor can interrupt the central CPU and asks it to switch the packet according to a route cache or switching table. That cache or table can be built in several ways, the two of interest here are Fast-Switching and CEF.

With Process-Switching, when a packet enters the router the Layer-2 info is stripped off,   the packet is then copied to the CPU memory where a L3  lookup is performed, and any other CPU required features, like NAT, queuing, compression etc, along with any other housekeeping like lowering the TTL, recalculating the CRC are done, before the frame is rewritten with the new L2 destination address and sent to the outgoing interface. The Big, the Bad and the Ugly!

With Fast-Switching, the first packet in a flow is still copied to the CPU for the L3 lookup and housekeeping, before being rewritten with the L2 destination address. The switching of the first packet by the central CPU gives the CPU the opportunity to build a cache called the fast-switching cache, which is used to switch all subsequent packets for the same destination using the same switching path across the router. With Fast-Switching the cache is only built on demand, which can be time consuming when huge numbers of potential destinations are involved. To avoid this a pre-build cache was needed, and thus CEF was born.

With CEF (Cisco Express Forwarding), there are two main data structures:

• The Adjacency-Table : is responsible for the MAC or Layer 2 rewrite. This adjacency can be built from ATM,  Frame Relay map statements, dynamic information learned from Ethernet-ARP, inverse ARP on ATM, or Frame Relay. The Layer 2 rewrite string contains the new Layer 2 header which is used on the forwarded frame.  For Ethernet, this is the new destination and source MAC address and the Ethertype. For PPP, the Layer 2 header is the complete PPP header, including the Layer 3 protocol ID.

• FIB (Forwarding Information Base) Table : The CEF table/FIB table holds the essential information, taken from the routing table, to be able to make a forwarding decision for a received IP packet. This information includes the IP prefix, the recursively evaluated next hop, and the outgoing interface.

The CEF process flow:

1. When a packet enters the router, the router strips off the Layer 2 information.
2. The router looks up the destination IP address in the CEF table (FIB), and it makes a forwarding decision.
3. The result of this forwarding decision points to one adjacency entry in the adjacency table.
4. The information retrieved from the adjacency table is the Layer 2 rewrite string, which enables the router to put a new Layer 2 header onto the frame,
5. The packet is switched out onto the outgoing interface toward the next hop.

To enable Proccess-Switching on a interface you have to disable Fast-Switching and CEF that is enabled by default:

#no ip route-cache
#no ip cef

To enable Fast-Switching on a interface use the following command:

#ip route-cache

To display the IP Fast-Switching Route-Cache :

#show ip cache [verbose] [prefix mask]

To enable CEF globally  (Default = Enabled) :

#ip cef

To enable CEF on the interface :

#ip route-cache cef


To see the CEF Adjacency Table, the [detail] option displays the L2-Rewrite string:

#show adjacency [detail]

To see the CEF FIB Table:

#sh ip cef [prefix]