Tuesday 26 August 2014

Cisco Express Forwarding

Cisco Express Forwarding (CEF) is a packet-switching technique that has been the default on many of Cisco's routers over the last ten years. It switches packets through a device quickly and efficiently while keeping the load on the router's processor low, so the route processor can be tasked with other duties that need larger amounts of processor time (Quality of Service, encryption, etc.). This article takes a brief look at the different structures that CEF uses, how they are built, and how they interrelate.

Benefits


CEF offers the following benefits:

Improved performance—CEF is less CPU-intensive than fast switching route caching. More CPU processing power can be dedicated to Layer 3 services such as quality of service (QoS) and encryption.

Scalability—CEF offers full switching capacity at each line card when dCEF mode is active.

Resilience—CEF offers an unprecedented level of switching consistency and stability in large dynamic networks. In dynamic networks, fast-switched cache entries are frequently invalidated due to routing changes. These changes can cause traffic to be process switched using the routing table, rather than fast switched using the route cache. Because the Forwarding Information Base (FIB) lookup table contains all known routes that exist in the routing table, it eliminates route cache maintenance and the fast-switch or process-switch forwarding scenario. CEF can switch traffic more efficiently than typical demand caching schemes.


Cisco Express Forwarding Concepts


Cisco Express Forwarding components:

Information conventionally stored in a route cache is stored in several data structures for CEF switching. The data structures provide optimized lookup for efficient packet forwarding. The two main components of CEF operation are described in the following sections:



CEF Operation Modes


CEF can be enabled in one of two modes described in the following sections:



Central CEF Mode


When CEF mode is enabled, the CEF FIB and adjacency tables reside on the RP, and the RP performs the express forwarding. You can use CEF mode when line cards are not available for CEF switching or when you need to use features not compatible with dCEF switching.

Distributed CEF Mode


When dCEF is enabled, line cards, such as VIP line cards or GSR line cards, maintain an identical copy of the FIB and adjacency tables. The line cards perform the express forwarding between port adapters, relieving the RSP of involvement in the switching operation.

dCEF uses an Inter Process Communication (IPC) mechanism to ensure synchronization of FIB tables and adjacency tables on the RP and line cards.

RIB, FIB, LFIB, Adjacency table
Control Plane - maintains routing information:
  • Routing Information Base (RIB / routing table) - operates in software - sh ip route
    • Directly connected
    • Static routes
    • Dynamic routing information
  • ARP Table - sh arp
Data/Forwarding Plane - responsible for moving data in and out (ingress/egress):
  • Forwarding Information Base (FIB) - sh ip cef
    • Built from RIB best routes and the ARP table
    • RIB changes are reflected in the FIB
  • Adjacency Table - sh adjacency
    • Contains L2 next-hop information for all entries in the FIB
  • Label Forwarding Information Base (LFIB)
    • Used for labeled packets (MPLS)
Adjacency Types:
  • Glean - the FIB holds a subnet prefix and needs additional ARP information for specific hosts
  • Null - packets destined for Null0 are dropped (bit bucket/black hole/discard, etc.)
  • Drop - the device drops packets that can't be forwarded normally (by default generates ICMP unreachables)
    • Encapsulation failure
    • Unresolved address
    • Unsupported protocol
    • No valid route
    • No valid adjacency
    • Checksum error
  • Discard - the device discards packets based on policy (by default does not generate ICMP unreachables)
    • Loopback host addresses that belong to the interface subnet but are not assigned are also discarded; for example, if Lo0 is assigned 1.1.1.1 255.255.255.0, then 1.1.1.2-1.1.1.254 will be discard adjacencies
  • Punt - CEF cannot forward the traffic, so packets are sent to the Control Plane (L3) for processing
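The following is an added illustration, not code from the original post: a toy model of how the FIB is derived from the RIB best routes and the ARP table, and how a lookup yields a glean, complete, null or drop adjacency. The RIB, ARP entries, interface names and tuple layout are all constructed for the example.

```python
import ipaddress

# Constructed RIB: (prefix, next hop, egress interface); next hop None = connected.
RIB = [
    ("10.0.0.0/24", None, "Gi0/0"),           # directly connected
    ("192.168.1.0/24", "10.0.0.2", "Gi0/0"),  # static route via a resolved neighbour
    ("203.0.113.0/24", "10.0.0.7", "Gi0/0"),  # static route via an unresolved neighbour
    ("172.16.0.0/16", None, "Null0"),         # summary route to Null0
]
# Constructed ARP table: IP -> MAC, for the hosts that have replied so far.
ARP = {"10.0.0.2": "0000.0c12.3456"}

def build_fib(rib, arp):
    """Derive FIB entries {network: (adjacency type, interface, info)} from the
    RIB best routes and the ARP table. info is the MAC for a complete adjacency
    or the address still to be resolved for a glean adjacency."""
    fib = {}
    for prefix, nh, intf in rib:
        net = ipaddress.ip_network(prefix)
        if intf == "Null0":
            fib[net] = ("null", intf, None)            # bit bucket
        elif nh is None:
            fib[net] = ("glean", intf, None)           # ARP per destination host
        elif nh in arp:
            fib[net] = ("complete", intf, arp[nh])     # L2 rewrite already known
        else:
            fib[net] = ("glean", intf, nh)             # ARP for the next hop first
    return fib

def lookup(fib, dst, arp):
    """Longest-prefix match on the FIB; a glean adjacency is completed from the
    ARP table if the needed host has been resolved in the meantime."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return ("drop", None, "no valid route")
    kind, intf, info = fib[max(matches, key=lambda net: net.prefixlen)]
    if kind == "glean":
        target = info or dst                 # connected prefix: the host itself
        mac = arp.get(target)
        return ("complete", intf, mac) if mac else ("glean", intf, target)
    return (kind, intf, info)

# Rebuilding after a RIB or ARP change is how "RIB changes are reflected in the FIB" here.
FIB = build_fib(RIB, ARP)
```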
CEF Load Balancing Hash

CEF supports TCP/IP load balancing over parallel links: if there are multiple paths to the same destination, the device creates a 16-row hash table with individual path pointers (sh ip cef <prefix> internal).
  • per-destination mode (default) - all packets to a given destination follow the same path, preserving packet order. Can cause unequal usage of the links if the majority of traffic is destined for one host.
    • the source and destination IP addresses are hashed and point to a specific entry in the adjacency table
  • per-packet mode (ip load-sharing per-packet) - guarantees an equal load across links, but may cause an out-of-order packet situation
    • packets are distributed round robin across all paths
Polarization Concept and Avoidance

Polarization occurs when all devices use the same hash to reach the same destination, so the flows one device sends down one of its links all land on the same link at the next hop as well. Per-packet load sharing could be used as a solution, but due to the negative effect of out-of-order packets, it is not the preferred solution.
The preferred solution is to alternate between hashing inputs at each layer of the network. The default load sharing uses Source IP, Dest IP and unequal weights of the links.
  • mls ip cef load-sharing simple - Source IP and Dest IP equal weights
  • mls ip cef load-sharing full - Source IP, Dest IP, and L4 port number unequal weights
  • mls ip cef load-sharing full simple - Source IP, Dest IP, and L4 port number equal weight
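As an added example (not from the original post, and not Cisco's actual hash algorithm), the model below fills a 16-row table with path pointers, hashes source and destination IP (optionally the L4 ports, as in the "full" modes) to pick a row, and then forwards flows through two layers of two-way load sharing. The per-device seed is a constructed stand-in for varying the hash input at each layer; with no variation, every flow the first layer placed on path A arrives at the second layer and is placed on path C, which is the polarization described above.

```python
import hashlib
import ipaddress

def build_hash_table(paths, rows=16):
    """Fill the 16-row table with path pointers (what 'sh ip cef <prefix> internal' lists)."""
    return [paths[i % len(paths)] for i in range(rows)]

def flow_bucket(src, dst, seed=0, ports=None, rows=16):
    """Per-destination hash: the same src/dst (and, in 'full' mode, L4 ports)
    always lands in the same row, so a flow's packets stay in order.
    SHA-256 over the XORed fields is a constructed stand-in for the real hash."""
    key = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst)) ^ seed
    if ports:  # constructed stand-in for the 'full' (L4 port) hash input
        key ^= (ports[0] << 16) | ports[1]
    digest = hashlib.sha256(key.to_bytes(8, "big")).digest()
    return digest[0] % rows

def choose_path(table, src, dst, seed=0, ports=None):
    """Return the path pointer stored in the flow's hash row."""
    return table[flow_bucket(src, dst, seed, ports, len(table))]

def tier2_paths_behind_tier1_A(flows, seed_tier1=0, seed_tier2=0):
    """Forward flows through two layers of 2-way load sharing and report which
    tier-2 paths carry the flows that tier 1 already sent down its path 'A'.
    Identical hash inputs at both layers give {'C'} only (polarized)."""
    t1 = build_hash_table(["A", "B"])
    t2 = build_hash_table(["C", "D"])
    used = set()
    for src, dst in flows:
        if choose_path(t1, src, dst, seed_tier1) == "A":
            used.add(choose_path(t2, src, dst, seed_tier2))
    return used

# Constructed traffic: 60 hosts on one LAN all talking to the same server.
FLOWS = [(f"10.1.1.{h}", "192.168.1.10") for h in range(1, 61)]
```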