TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
CEFv6 in a nutshell
1. CEFv6
If you have to Troubleshoot CISCO device One day you will have to deal with CEF!
No DATA PLANE Troubleshooting without CEFv6!...
If you are looking for the Engineering Team with really high skills guys at cisco you are looking for the
CEF team! These guys need to do two things mutually exclusives and this all the time: They must support
a maximum number of services and at the same time they must design the fastest code because all the
cisco switching performances rely on CEF!
If an IP feature is not supported by CEF, the feature has no future if it has also to be Efficient. if it is
a slow terminal conversion things which need the speed of typing with one finger, fine! but if it must
support wire speed? Forget it!
WHY???
We need to get back to the basics of computers to understand...
When a packet is received by an ASIC specialized to process the data coming from a Physical Media
port, an Interrupt is sent to the CPU. An interrupt is a Signal Transition like 0 to +5v or the opposite.
The Interrupt is raised by the Physical Media Processor to tell the CPU that it has a packet just like
the Postman set up the flag after it has dropped a few mails in your mailbox! Guess who is called first
by the CPU when it gets the interrupt signal? CEF...
Now CEF must take a decision either switch the packet in interrupt mode, either Q the packet for
further processing in a time sharing fashion. It is clear that Real-Time traffic will only be supported by
the Interrupt mode. So where is the problem? The process in interrupt mode disables any other
interrupt. The other Line Cards have a dedicated ASIC with MEmory to accomodate a few packet but
not too much...
The process must process the packet as fast as possible for the protocol which is being routed and for
the other traffic waiting to be processed. This is why complex operation cannot be supported by CEF and
this has been the case of NAT-PT in IPv6!
2. R l # s h o w i ipv6 c e f 2 0 0 1 : d b 8 : c a f e : 1 0 : : / 6 4 iinternal
R1#show p v 6 cef 2001:db8:cafe:10::/64 n t e r n a l
2001:DB8:CAFE:10::/64, eepoch 0 , R I B [ I ] , r refcount 4 , pper-destination s h a r i n g
2 0 0 1 :DB 8 :CA FE :1 0 ::/6 4 , p o c h 0, RIB[I], e f c o u n t 4, e r - d e s t i n a t i o n sharing
sources: R I B
s o u r c e s : RIB
feature sspace:
fe a tu re p a ce : This comes from the CEF Forwarding Information Base (FIB)!
This comes from the CEP Forwarding Information Base (FIB)!
IPRM: 00x00038000
I P RM: x 0 0 0 3 8 0 0 0
ifnums:
if n u ms:
FastEthernet0/1.11(11): FFE80::C801:4FF:FE94:6
Fa stE th e rn e t0 /1 .1 1 (1 1 ): E 8 0 ::C8 0 1 :4 FF:FE 9 4 :6
p a t h 66822BA1C, ppath llist 66822A77C, sshare 1 / 1 , t type a t t a c h e d n e x t h o p , ffor IIPv6
path 8 2 2 B A 1 C , a t h i s t 8 2 2 A 7 7 C , h a r e 1/1, y p e attached nexthop, o r P v 6
nexthop FE80::C801:4FF:FE94:6 FastEthernet0/1.11, adjac enc y IPV6 adj out of FastEthernet0/1.11,
nexthop FE80::C801:4FF:FE94:6 FastEthernet0/1.11, adjacency IPV6 adj out o f FastEthernet0/1.11,
addr FE80::C801:4FF:FE94:6
addr 7 F91
E 8 0 :
output cchain: I IPV6a adj outi of FastEthernet0/1.11, addr F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6
output
: C 8 0 hain: P V d j o u t o f F a s t E t h e r n e t 0 / 1 . 1 1 , a d d r FE80::C801:4FF:FE94:6
1 6 F9 1 0 6 0
6 : 4 F
66F91C60
F : F 1 R1#show a d j a c e n c y F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6
R l I f s h o w adjacency FE80::C801:4FF:FE94:6
This is tthe: neighbor nex t -hop and cannot IDEI
This is 4 e neighbor next-hop and cannot be
E 9 h Protocol IInterface A d d r e s s
Pr otocol n t e r f a c e Address
anything els e but a Link -loc al address! We
anything else but a Link-local address! We IPV6 F a s t E t h e r n e t 0 / 1 . 1 1 F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6 ( 7 )
I P V 6 FastEthernet0/1.11 FE80::C801:4FF:FE94:6(7)
find it also in the line above which resume R1#show a d j a c e n c y F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6 iinternal
R l I f s h o w adjacency FE80::C801:4FF:FE94:6 n t e r n a l
the rec urs ion in case you have mult iple
the recursion in case you have multiple Protocol IInterface A d d r e s s
Pr otocol n t e r f a c e Address
level, ttherein tone line above whic h res ume
find it here is one line per lev el_
level, also is he line per level.... IPV6 F a s t E t h e r n e t 0 / 1 . 1 1 F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6 ( 7)
I P V 6 FastEthernet0/1.11 FE80::C801:4FF:FE94:6(7)
Just af t er you can see tthe Address of t he
Just after you can see he Address of the 0 pa c k e ts , 0 by te s
0 packets, 0 bytes
Adjacency point er whic h is a memory
Adjacency pointer which is a memory epoch 0 T h i s comes from the CEP Adjacency Table
epoch 0 This comes from the CEF Adjacency Table
pointer tto a s t ruc t ure whic h contains t he
point er o a structure which contains the sourced iin s e v - e p o c h 1
sour ced n sev-epoch 1
Adjacency inf ormat ion lik e t he MAC Address
Adjacency information like the MAC Address Encap llength 1 8
E n c a p e n g t h 18
for tthe encapsulation, ffrom where it comes
f or he encapsulation, rom where it comes CA0104940006CA0004940006010000011
CA0104940006CA00049400068100000B
from (ND o r ARP ffor IPv4) and how many
f rom (ND or ARP o r IPv4) and how many 86DD
86D D
bytes/packets were encapsulated wit h tthis
bytes/packets were encapsulated with his IPv6 N D
I P v 6 ND
adjacency...
adjacency... Fast a d j a c e n c y e n a b l e d [[OK]
F a s t adjacency enabled O K ]
L3 m t u 1 5 0 0
L3 mtu 1500
Flags ((0x11A9E)
F l ags 0x 11A9E)
Fixup d i s a b l e d
F i x u p disabled
HWIDB/IDB p o i n t e r s O x 6 6 C C D D 1 0 / 0 x 6 7 E 5 8 5 0 0
H W I D B / I D B pointers 0x66CCDD10/0x67E58500
IP rredirect e n a b l e d
IP e d i r e c t enabled
Switching v e c t o r : I IPv6 a d j a c e n c y o c e
S w i t c h i n g vector: P v 6 adjacency oce
Adjacency p o i n t e r O x 6 6 F 9 1 C 6 0 1
Adj acency
pointer
Use the internal argument Next-hop F E 8 0 : : C 8 0 1 : 4 F F : F E 9 4 : 6
N e x t - h o p FE80::C801:4FF:FE94:6
To process this packet as fast as possible CEFv6 relies on two tables: One is derived from the Routing
To process this packet as fast as possible CEFv6 relies on two tables: One is derived from the Routing
Table and One is derived from the ND Table! But the requirements are completely differents.
Table and One is derived from the ND Table! But the requirements are completely differents.
The Forwarding Information Base (FIB) is the Routing TAble with all the Recursions resolved, it has the
The Forwarding Information Base (FIB) is the Routing IAble with all the Recursions resolved, it has the
Neighbor Next-hop for each destintation with a pointer to the Adjacency Table, derived from ND to
Neighbor Next-hop for each destintation with a pointer to the Adjacency Table, derived from ND to
perform the encapsulation.
perform the encapsulation.
The data structure of a Routing Table or RIB is optimized for efficient management of entries in the
The data structure of a Routing Table or RIB is optimized for efficient management of entries in the
table while the FIB is optimized for getting the Fastest Lookup!
table while the FIB is optimized for getting the Fastest Lookup!
In the distributed platform, the FIB and Adjacencies tablessa re downloaded on the Linecards and it is
In the distributed platform, the FIB and Adjacencies tablessa re downloaded on the Linecards and it is
the ingress LC which takes the switching decision. The central CPU is not involved for forwarding and
the ingress LC which takes the switching decision. The central CPU is not involved for forwarding and
for troubleshooting you must attach to the LC as looking to the Central tables is not useless but it is not
for troubleshooting you must attach to the LC as looking to the Central tables is not useless but it is not
the table we need to look for the decision.
the table we need to look for the decision.
Fred Bovy, IPv6 For Life! CCIE #3013
Fred Bovy, IPv6 For Life!.... CCIE #3013