Understanding CEF

What is CEF?

Definition from Cisco.com :

Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions.

To understand this better, one has to understand why and how CEF came about.  With Cisco IOS  there are different Switching Methods, that define how packets are forwarded through a router. The first method, which happens to be the oldest and slowest is Process-Switching. Alternatively when  packets arrive, the interface processor can interrupt the central CPU and asks it to switch the packet according to a route cache or switching table. That cache or table can be built in several ways, the two of interest here are Fast-Switching and CEF.

With Process-Switching, when a packet enters the router the Layer-2 info is stripped off,   the packet is then copied to the CPU memory where a L3  lookup is performed, and any other CPU required features, like NAT, queuing, compression etc, along with any other housekeeping like lowering the TTL, recalculating the CRC are done, before the frame is rewritten with the new L2 destination address and sent to the outgoing interface. The Big, the Bad and the Ugly!

With Fast-Switching, the first packet in a flow is still copied to the CPU for the L3 lookup and housekeeping, before being rewritten with the L2 destination address. The switching of the first packet by the central CPU gives the CPU the opportunity to build a cache called the fast-switching cache, which is used to switch all subsequent packets for the same destination using the same switching path across the router. With Fast-Switching the cache is only built on demand, which can be time consuming when huge numbers of potential destinations are involved. To avoid this a pre-build cache was needed, and thus CEF was born.

With CEF (Cisco Express Forwarding), there are two main data structures:

  • The Adjacency-Table : is responsible for the MAC or Layer 2 rewrite. This adjacency can be built from ATM,  Frame Relay map statements, dynamic information learned from Ethernet-ARP, inverse ARP on ATM, or Frame Relay. The Layer 2 rewrite string contains the new Layer 2 header which is used on the forwarded frame.  For Ethernet, this is the new destination and source MAC address and the Ethertype. For PPP, the Layer 2 header is the complete PPP header, including the Layer 3 protocol ID.
  • FIB (Forwarding Information Base) Table : The CEF table/FIB table holds the essential information, taken from the routing table, to be able to make a forwarding decision for a received IP packet. This information includes the IP prefix, the recursively evaluated next hop, and the outgoing interface.

The CEF process flow:

  1. When a packet enters the router, the router strips off the Layer 2 information.
  2. The router looks up the destination IP address in the CEF table (FIB), and it makes a forwarding decision.
  3. The result of this forwarding decision points to one adjacency entry in the adjacency table.
  4. The information retrieved from the adjacency table is the Layer 2 rewrite string, which enables the router to put a new Layer 2 header onto the frame,
  5. The packet is switched out onto the outgoing interface toward the next hop.

To enable Proccess-Switching on a interface you have to disable Fast-Switching and CEF that is enabled by default:

#no ip route-cache
#no ip cef

To enable Fast-Switching on a interface use the following command:

#ip route-cache

To display the IP Fast-Switching Route-Cache :

#show ip cache [verbose] [prefix mask]

To enable CEF globally  (Default = Enabled) :

#ip cef

To enable CEF on the interface :

#ip route-cache cef

To see the CEF Adjacency Table, the [detail] option displays the L2-Rewrite string:

#show adjacency [detail]

To see the CEF FIB Table:

#sh ip cef [prefix]


5 thoughts on “Understanding CEF

  1. Thank you! I was looking for a straight forward answer to what CEF was and this has helped me a lot. The cisco press book I was reading confused me to the point of tears.

  2. Crystal clear explanation…
    What really matters in understanding CEF , is to keep in mind that SWITCHING in a ROUTER ( or forwarding packets ) , is the process of receiving a packet in one interface and forwarding it out of another interface .
    CEF is like a copy of the routing table ( layer 3 information ) and adjacency table includes MAC ( layer 2 ) information. So CEF is a mechanism that speed up this decision (find the right output interface) by actually building these two tables (CEF and adjacency) and finally combine them.
    (To go a little further , CEF and adjacency tables are built during the convergence of a network and have optimized lookups so that recursive lookups are avoided , which is one more advantage over the other methods )
    Correct me if i am wrong as i am a newbie here :P

Please leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.