This presentation covers how packet forwarding is done on the networking devices, how Cisco Express Forwarding (CEF) works and different ways to do static routing.
• For example, Administrative Distance and Metric • Single lookup has linear complexity O(n) • Stored in RAM • Verification: show ip route [ip-address [mask]] Routing table (cont.)
to choose the best route within a single routing protocol (there are exceptions) • Administrative distance (0..255): • Used to choose the best route between routing protocols Routing table (cont.)
Control plane – traffic to the device: • Routing protocols hello/updates • BPDU • FHRP and others • Management plane – part of control plane: • SSH/Telnet • SNMP Traffic types
the network device • Handles control plane • Can do anything • Can’t do packet forwarding with high throughput *Note: DPDK project enables x86 multi-core processors to forward 200+ Gbps Processors: CPU and ASIC
transistors • Very fast, but dumb • Designed specifically to move packets • Expensive • Not possible to program new features • Responsible for data plane Processors: CPU and ASIC
a key, not a pointer • Very fast • Expensive • High power consumption • O(1) constant time lookup • Used in switches for MAC address table Memory: RAM, CAM and TCAM
by a key, which consists of not only 0 and 1, but also don’t care bits. • Very expensive • High power consumption • O(1) constant time lookup! • Used for next-hop lookup (CEF table), ACL (security and QoS) Memory: RAM, CAM and TCAM
• There is special process responsible for process-switching – IP Input • The following traffic is process-switched: • Control plane • Locally generated (not all) • No L2 adjacency information • ACL logging Process-switching
• IP pair and corresponding encapsulation information is added to the cache • Following packets are forwarding based on the entry in cache • Deprecated Fast-switching
in RIB: • Resolve recursive lookup and get rid of useless information • Add pointer to pre-built L2 header in Adjacency table • The new table is called Forwarding Information Base (FIB) or CEF table: • Contains prefix, NH, outgoing interface, pointer to L2 header • Stored in DRAM [O(1) using 256-way mtrie data structure] and TCAM [if exists, also O(1), but much faster] • The lookup is done during the interrupt (process scheduling is not required) Cisco Express Forwarding (CEF)
and builds L2 header • Adjacency table contains NH, interface, associated L2 Header • Stored in RAM • Pitfall: CEF process does not allow adjacency to age out • clear arp won’t delete ARP entry if it can be revalidated • Verification: show adjacency [detail] CEF – Adjacency table
• Depending on platform there can be zero, one or more ASICs. • The same applies for TCAM • All L3 switches have TCAM, only some routers have it • TCAM stores not only FIB, but ACL and QoS rules, however the allocation is predefined • On some platforms you can change allocation profile CEF on hardware-based platforms
same prefix • How will CEF decide where to send packet? • CEF is doing load-balancing per-flow • By default, it takes source-destination IP pair, feeds it to the hashing algorithm, returns the number of the bucket • Buckets are allocated automatically per next-hop, depending on the traffic share count in RIB CEF – Load balancing
same source/destination IP pair the bucket (outgoing link) is the same. • Result is that some links can be underutilized (especially if we have chain of routers with ECMP). • One possible solution is to include L4 ports in hashing (if supported): (config)# ip cef load-sharing algorithm include-ports [source [destination]] CEF polarization
manually • Usually overrides entries installed via dynamic routing protocols • Advantage: gives full control over path selection in your network • Main disadvantage: huge administrative burden • Syntax: (config)# ip route prefix mask [NH-IP | interface [NH-IP]] [distance] [track track] • Verification: # show ip route [static] Static Routing
the traffic should go for specific prefix: • By specifying next-hop IP address • By specifying outgoing interface • By specifying both Static Routing (cont.)
• On multipoint interfaces resolution of next-hop IP address is required (ARP cache, Frame Relay/ATM mapping) • Static route is installed into RIB only if recursive lookup is successful (outgoing interface was found) • It will stay in RIB even if next-hop is covered only by valid default route Static Routing to next-hop
outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for the destination IP • For every new destination IP address in the packet we will install entry in ARP cache • It can still work if Proxy Arp is enabled (which is enabled by default in IOS) • Static route is installed into RIB only if line protocol of the outgoing interface is up • Use only for point-to-point interfaces! Static Routing to outgoing interface
outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for next-hop IP address • Static route is installed into RIB only if line protocol of the outgoing interface is up Static Routing to outgoing interface and NH
AD higher than default and is not installed into RIB under normal operation, because there is another preferred path • Once primary path fails floating static route can be installed • For example: • Primary static default route has AD 1 and tracking (based on IP SLA) or BFD • Secondary static default route has AD 2 or higher • Once tracking object/BFD goes down, primary route is deleted from RIB and secondary route is installed Floating static routes
dmfigol
lycorp_recruit_jp
.jpg){kind=avatar}
oshanqq
ysknsid25
bgpat
ishikawa_satoru
kkamegawa
shin1x1
.png){kind=icon}
pharma_x_tech
faithandbrave
bigmuramura
marsee101
marchin1989
carmenintech
moore
tammielis
trishagee
ammeep
samanthasiow
akosma
quramy
scottboms
jmmastey
malarkey
thoeni
![24 • Verification: show ip cef [ip-address [mask]] [detail] [internal]](https://files.speakerdeck.com/presentations/980ef663021a4c86908a332dfea4157c/slide_23.jpg){kind=link}
![30 • Verification: • show ip cef [ip [mask]] internal](https://files.speakerdeck.com/presentations/980ef663021a4c86908a332dfea4157c/slide_29.jpg){kind=link}
