Cisco IOS Software Releases 12.0 Mainline

How to Verify Cisco Express Forwarding Switching

Document ID: 47205

Updated: May 28, 2007



Cisco IOS® Software supports several mechanisms to facilitate the forwarding of traffic with minimal delay and high throughput. This document explains how to determine which Cisco IOS switching or forwarding path your packets take.

Note: This document discusses process switching, fast switching, and Cisco Express Forwarding (CEF) only.



Readers of this document should be knowledgeable of these topics:

  • Cisco IOS Software

  • Cisco 1600, 2500, and 3600 Series platforms

Components Used

This document is not restricted to specific software and hardware versions.


Refer to Cisco Technical Tips Conventions for more information on document conventions.

What Is Cisco IOS Switching?

Cisco IOS switching defines the packet flow through the router. More specifically, it determines how quickly the packet can be forwarded through the router, and also in which physical buffers the packets are stored.

During the history of Cisco IOS, multiple switching methods have been developed. Some methods are supported only on particular platforms. CEF is the latest switching method. When CEF is enabled globally (default behavior), the interface-specific ip route-cache cef command is also enabled. This command ensures that CEF switching is done for packets that enter this interface. If you need to disable CEF on one interface alone, add the no ip route-cache cef command, which disables CEF switching for that interface only. Cisco IOS does not add the no ip route-cache command to the running-config on its own when it is forced to disable CEF. CEF was introduced on many platforms in Cisco IOS 12.0 mainline, particularly low- and mid-range platforms such as the Cisco 1600, 2500, and 3600 Series.

When a router receives a packet on a routed interface, it first removes the Layer 2 (L2) frame information. It then stores the Layer 3 (L3) packet in Input/Output (I/O) memory. What happens next depends on the switching path that the packet follows.

Verification Steps

These steps can be used to confirm that packets follow the CEF switching path:

  1. Confirm that CEF is enabled globally and on a particular interface.

    router#show ip cef
    %CEF not running
    1. Use the ip cef command in global configuration mode to enable (central) CEF.

      Note: On the Cisco 7200 Series, CEF is the default Cisco IOS switching method in an upcoming release of Cisco IOS.

    2. Use the show ip cef prefix command and confirm that prefixes are listed.

      router#show ip cef
      Prefix              Next Hop            Interface          receive      attached            Serial2/0/0:1      receive
  2. Confirm that CEF is enabled on a particular interface.

    1. Use the show cef interface x/x command to look for "IP CEF switching enabled," or "IP distributed CEF (dCEF) switching enabled."

      router#show cef interface fastEthernet 0/0/0 
      FastEthernet0/0/0 is up (if_number 2) 
        Internet address is 
        ICMP redirects are always sent 
        Per packet loadbalancing is disabled 
        Inbound  access list is not set 
        Hardware idb is FastEthernet0/0/0 
        Fast switching type 1, interface type 18 
        IP Distributed CEF switching enabled 
        Fast flags 0x0. ifindex 1(1) 
        Slot 0 Slot unit 0 VC -1 
        Hardware transmit queue ptr 0x48001A00 (0x48001A00) 
        Transmit limit accumulator 0x48001A02 (0x48001A02) 
        IP MTU 1500
    2. Use the show ip interface command to display the enabled Cisco IOS switching methods.

      router#show ip interface fastethernet 1/0/0.1 
       FastEthernet1/0/0.1 is up, line protocol is up 
         IP fast switching is enabled 
         IP fast switching on the same interface is enabled 
         IP Flow switching is disabled 
         IP CEF switching is enabled 
         IP Distributed switching is enabled 
         IP Fast switching turbo vector 
         IP Normal CEF switching turbo vector 
         IP multicast fast switching is enabled 
         IP multicast distributed fast switching is disabled 
         IP route-cache flags are Fast, Distributed, No CEF

      In this output, the "No CEF" flag indicates that CEF has been disabled because of the no ip route-cache cef command on a particular interface. The "CEF" flag indicates that CEF runs. In a steady state, the two flags should not appear together. Cisco bug ID CSCdr80269 (registered customers only) resolves rare conditions that can lead to both flags appearing. For more information on bug IDs, refer to the Bug Toolkit (registered customers only).

  3. Confirm that a majority of the packets that flow through the router are CEF-switched.

    1. Use the show interface x/x stat command and determine the number of packets and bytes that the router forwarded through "Processor" instead of "Route cache." Note that "Route cache" includes both fast-switched and CEF-switched packets.

      router#show interface stats     
      Switching path      Pkts In    Chars In   Pkts Out   Chars Out
      Processor             95084    26211621      33493     3386174
      Route cache           24581     1132797      24542    13297583
      Distributed cache         0           0          0           0
      Total                119665    27344418      58035    16683757
    2. Use the show ip cache command to determine if there is an IP cache entry, which indicates that the packet follows the fast-switching path. Fast switching builds on an on-demand route cache to expedite packet forwarding through a router. The driver code that runs on the interface hardware transfers control temporarily to the fast-switching code, which searches the route cache for a frame and other information constructed from a previously transmitted packet. If the route cache contains an entry, the fast-switching code attempts to send the packet directly to the destination interface.

      router#show ip cache
      IP routing cache 0 entries, 0 bytes 
         0 adds, 0 invalidates, 0 refcounts
      Minimum invalidation interval 2 seconds, maximum interval 5 seconds, 
         quiet interval 3 seconds, threshold 0 requests 
      Invalidation rate 0 in last second, 0 in last 3 seconds 
      Prefix/Length       Age       Interface       Next Hop

      These steps outline a more specific procedure for verifying that packets are being forwarded using CEF.

    1. Enable CEF with the ip cef command.

    2. Issue the clear ip cache command to clear the fast-switched cache entries.

    3. Start your traffic stream.

    4. Issue the show ip cache command. Confirm that no entries are displayed in the fast-switched cache since the packets are CEF-switched.

    5. Issue the show interface stats command and confirm incremental hits for route cache inbound.

      Note: The route cache counter includes both fast-switched and CEF-switched packets.

    6. Disable CEF with the no ip route-cache cef command on the inbound interface.

    7. Issue the show interface stats command and confirm incremental hits for route cache.

    8. Issue the show ip cache command and confirm that you see entries since Cisco IOS has fallen back to fast switching.

    9. Issue the no ip route-cache command on the outbound interface to disable fast switching. Packets on the matching inbound interface are process switched.

      Note: It is not recommended to configure process switching in a heavy traffic network.

  4. If you have confirmed that CEF is enabled on a router interface and determined that most packets are not CEF-switched, capture these commands when you report a problem to the Cisco Technical Assistance Center (TAC).

    Note: Refer to Important Information on Debug Commands before you issue debug commands.

    • show cef interface x/x—Displays CEF related interface information.

    • show ip cef prefix—Displays prefix entry in Forwarding Information Base (FIB).

    • show adjacency interface detail—Displays recursive and direct prefixes resolved through adjacency.

    • show cef not-cef-switched—Displays which packets are not CEF-switched.

    • debug ip cef drop—Displays debug information for CEF-dropped packets.

    The input interface determines the Cisco IOS switching path that a packet takes. Consider these rules of thumb when you enable or disable switching methods on a particular interface.

    Incoming Interface    Outgoing Interface                 Switching Method
    CEF                   Process                            CEF
    Process               CEF                                Fast
    Process               Fast Switching (IP route cache)    Fast Switching
    CEF                   Fast Switching                     CEF

    In other words, you need CEF to be enabled on the incoming interface for packets to be CEF switched. Since CEF makes the forwarding decision on input, use the no ip route-cache cef command on the ingress interface to disable CEF. In contrast, Cisco IOS builds a fast-switching cache entry after it switches a packet, so a packet that comes in on a process-switched interface and goes out through a fast-switched interface is fast switched. Use the no ip route-cache command on the egress interface to disable fast switching.

    These traffic types are not CEF switched:

    • Packets for which there is no entry in the switching cache

    • Packets destined for the router

    • Broadcast traffic

    • IP packets with options

    • Packets that require protocol translation

    • Encrypted traffic
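
Step 3 above compares the "Processor" and "Route cache" rows, and step 2 reads the route-cache flags. The following is an added example (not part of the original Cisco document) that parses both outputs, using the sample text shown on this page; the function names are illustrative.

```python
import re

# Sample output copied from this page's "show interface stats" example.
STATS = """\
Switching path Pkts In  Chars In Pkts Out Chars Out
Processor 95084 26211621 33493 3386174
Route cache 24581 1132797 24542 13297583
Distributed cache 0 0 0 0
Total  119665 27344418 58035 16683757
"""

# Route-cache flags line copied from this page's "show ip interface" example.
FLAGS_LINE = "IP route-cache flags are Fast, Distributed, No CEF"

ROW = re.compile(r"^\s*(Processor|Route cache|Distributed cache|Total)\s+"
                 r"(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_stats(text):
    """Return {path: {'pkts_in', 'chars_in', 'pkts_out', 'chars_out'}}."""
    keys = ("pkts_in", "chars_in", "pkts_out", "chars_out")
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = dict(zip(keys, map(int, m.groups()[1:])))
    return table

def process_switched_share(table, direction="pkts_in"):
    """Fraction of packets handled by the Processor path (0.0 if no traffic)."""
    total = table["Total"][direction]
    return table["Processor"][direction] / total if total else 0.0

def cef_flag_state(flags_line):
    """Classify the flags line as 'cef', 'no-cef', 'conflict' or 'absent'."""
    flags = {f.strip() for f in flags_line.split(" are ", 1)[1].split(",")}
    has_cef, has_no_cef = "CEF" in flags, "No CEF" in flags
    if has_cef and has_no_cef:
        return "conflict"  # both flags at once: the condition tied to CSCdr80269
    return "cef" if has_cef else "no-cef" if has_no_cef else "absent"

if __name__ == "__main__":
    t = parse_stats(STATS)
    print(f"process-switched inbound: {process_switched_share(t):.1%}")
    print(f"route-cache flags: {cef_flag_state(FLAGS_LINE)}")
```

The counters are cumulative, so compare two samples taken during the traffic stream rather than relying on a single reading.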

Understand CEF Punts

The term "punt" is defined by Cisco to describe the action by an interface's device driver of sending a packet "down" to the next fastest switching level. This list defines the order of preferred Cisco IOS switching methods (from fastest to slowest).

  • Distributed CEF

  • CEF

  • Fast switching

  • Process switching

A punt occurs under these conditions:

  • The next lower level did not produce a valid path or, in the case of CEF, a valid adjacency. In other words, if the CEF lookup process failed to find a valid entry in the forwarding information base, the packet is punted to the next available switching path or dropped.

  • A particular feature or Layer 2 encapsulation is not supported at the lowest level. If CEF supports a particular feature, ownership of a packet is passed through a set of software routines in the CEF "feature path."

  • A feature requires special handling.

A punt adjacency in CEF is installed when some output feature is not supported in CEF. CEF punts all packets that go to such an adjacency to the next best switching mode, in order to switch all the packets.

center#show ip cef, version 184, 0 packets, 0 bytes 
  via, Tunnel0, 0 dependencies 
    next hop, Tunnel0 
    valid punt adjacency

CEF Packets passed on to next switching layer 
Slot    No_adj  No_encap Unsupported  Redirect   Receive   Bad_ttl   Options
RP           0         0           0         0      5700         0         0 
2            0         0           0         0         0         0         0 
3            0         0           0         0         0         0         0 
4            0         0           0         0         0         0         0 
5            0         0           0         0         0         0         0 
8            0         0           0         0         0         0         0 
9            0         0           0         0         0         0         0 
10           0         0           0         0         0         0         0

With an incomplete adjacency, CEF considers that the router as a whole (including all the other switching paths) does not know how to get to the adjacent node. We punt packets to process switching in order to kick off some resolution protocol like Address Resolution Protocol (ARP), which results in the adjacency being completed some time later. In this condition, CEF punts one packet every two seconds to the next switching path to avoid a flood of packets. Thus, in this condition, pings to the IP address might fail about 50 percent of the time, and you see a "!.!.!.!.!" ping pattern. This condition also occurs when the CEF table is corrupted, as indicated by a difference between the show ip route command information and the show ip cef command information for a particular IP address.
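
The punt counter table above (the output of show cef not-cef-switched) is cumulative, so the useful signal is which counters grow between two samples. The following is an added example, not part of the original Cisco document: BEFORE is this page's sample trimmed to three slots, AFTER is a constructed second sample, and the function names are illustrative.

```python
# BEFORE: this page's punt counter sample, trimmed to three slots.
BEFORE = """\
Slot    No_adj  No_encap Unsupported  Redirect   Receive   Bad_ttl   Options
RP           0         0           0         0      5700         0         0
2            0         0           0         0         0         0         0
3            0         0           0         0         0         0         0
"""
# AFTER: constructed sample, as if taken some time later on the same router.
AFTER = """\
Slot    No_adj  No_encap Unsupported  Redirect   Receive   Bad_ttl   Options
RP           0         0           0         0      5760         0         0
2           30         0           0         0         0         0         0
3            0         0           0         0         0         0         4
"""

def parse_punts(text):
    """Return {slot: {reason: count}} from the punt counter table."""
    lines = [l.split() for l in text.splitlines() if l.strip()]
    header, rows = lines[0], lines[1:]
    if header[0] != "Slot":
        raise ValueError("unexpected header: %r" % header)
    # Skip rows whose column count does not match the header (wrapped lines).
    return {r[0]: dict(zip(header[1:], map(int, r[1:])))
            for r in rows if len(r) == len(header)}

def punt_deltas(before, after):
    """List (slot, reason, increase) for counters that grew, largest first."""
    grown = []
    for slot, reasons in after.items():
        for reason, count in reasons.items():
            delta = count - before.get(slot, {}).get(reason, 0)
            if delta > 0:  # ignore unchanged counters and counter resets
                grown.append((slot, reason, delta))
    return sorted(grown, key=lambda g: -g[2])

if __name__ == "__main__":
    deltas = punt_deltas(parse_punts(BEFORE), parse_punts(AFTER))
    for slot, reason, delta in deltas:
        print(f"slot {slot}: {reason} +{delta}")
```

A growing No_adj count corresponds to the incomplete-adjacency punts described above, and Receive counts packets addressed to the router itself.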

Note: On the Gigabit Switch Router (GSR), the line card (LC) generates Internet Control Message Protocol (ICMP) echo replies from within CEF. If the packet is not destined to one of the GSR's local addresses, then no process is involved. It is switched straight through either in hardware or under interrupt in dCEF, depending on which LC you use.

On the GSR, fast switching and process switching are not available. If a destination prefix cannot be resolved to a forwarding entry in the inbound LC's tables, the packet is dropped. Only packets that match a glean adjacency are punted to the Gigabit Routing Processor (GRP). In addition, on the GSR, the LC CPU does not punt packets to the GRP for features, and the LC sends an ICMP unreachable (as long as the no ip unreachables command is not configured). On the GSR, the only traffic punted to the GRP is packets destined to an interface on the router or packets sourced from the router.
