Category Archives: CCNP – CEF / FIB

Quick notes on IP CEF and the Adjancency Table for exam day!

No Topology needed for this one, just wanted to jot some quick notes from a video I’m reviewing on the subject.

Before getting into what CEF and AT is all about, I feel its important this is required to be on and working for uRPF (Unicast Reverse Path Forwarding).

CEF is derived from the IP Route table, is also named FIB, and runs at the “Data Plane” while the IP Route table runs at the “Control Plane”.

One way two keep the two differentiated, is to remember the 3 letter acronym is the L3 information (CEF/FIB) and the L2 information has a 2 letter acronym (AT) Adjacency table.

“sh ip int …” to view CEF info for an interface, in fact adding the “ip” part to interface gives you basically the services statistics or information running on the interface.

“sh ip cef” to see the prefix-list for CEF

“sh adj” to view the adjacency table, “sh adj det” for more details

Like the CEF table is derived from the IP Route Table, the Adjacency Table is derived from ARP

If you see (incomplete) within the AT, you have an ARP issue somewhere in the network.

If you narrow down CEF to a single route, like “sh ip cef 172.12.123.1” and see the term invalid cached adjacency that is also an indication of a Layer 2 ARP issue.

Process Switching = Router looks at every packet to determine how to forward it.

Fast Switching = Router keeps a destination cache for packets, inspects the first packet that matches a destination, then allows the flow through without inspecting all packets.

Thats all I got for that, just a little nugget of straight to the point info, enjoy! ūüôā

 

CEF (Cisco Express Forwarding), L3 “Switching”, RIB / FIB explained, and a ton of good info important for exam day!

Once again, this is a no non-sense post, with no Topology associated to it (though there will be some router output to demonstrate things).

I’ll do this one bullet point style, think it makes the points jump out a bit more:

  • CEF is described as Layer 3 Switching, but this means packet switching, not frame switching which is solely a Layer 2 function
  • CEF is Cisco properietary, other vendors run hardware ASIC cards to perform similar L3 Packet Switching instead of using Software / CPU

Another bullet point style of topics that are important here, are knowing our 3 planes of existence on the Cisco Router:

  • Management Plane – Plane involved with Router management (obviously), in terms of configuration of protocols / ip address configuration / etc, including turning services of the router on and off
  • Control Plane – Plane involved with the gathering of routing information. Routing protocols run on this plane, ARP and IP tables are built here as well
  • Data Plane – Plane where the routing occurs, and Where CEF’s two key components run, the FIB (Forwarding Information Base) and the AT (Adjacency Table)

Now a couple of outputs I want to show regarding CEF right off the bat, is how to configure and remove it from a router, and a VERY  simple output for this command:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip cef
R1(config)#do sh ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
1.1.1.1/32          receive
172.12.15.0/24      attached             FastEthernet0/1
172.12.15.0/32      receive
172.12.15.1/32      receive
172.12.15.255/32    receive
172.12.123.0/24     attached             Serial0/0
172.12.123.0/32     receive
172.12.123.1/32     receive
172.12.123.2/32     172.12.123.2         Serial0/0
172.12.123.3/32     172.12.123.3         Serial0/0
172.12.123.255/32   receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive
R1(config)#

It looks essentially like the routing table in Prefix notation, because that is exactly what it is, welcome to what is known as the FIB Table!

*** VERY IMPORTANT CONCEPT*** The “RIB” as you’ve seen throughout studies is the IP route table on the Data Plane (“sh ip route), which references the “FIB” when deciding where to route data (“sh ip cef”), as the FIB has a more complete / concise view of the network. AGAIN VERY IMPORTANT TO UNDERSTAND THOROUGHLY!

Now that I am done yelling in red, let us move on.

By default CEF should already be running on a Cisco Router or Switch, however in the exam room it may not be, so lets go over a scenario where we turn it off:

R1(config)#no ip cef
R1(config)#do sh ip cef
%CEF not running
Prefix              Next Hop             Interface
R1(config)#do sh ip route
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     172.12.0.0/24 is subnetted, 2 subnets
C       172.12.15.0 is directly connected, FastEthernet0/1
C       172.12.123.0 is directly connected, Serial0/0
R1(config)#

Now with CEF turned off, lets make a quick OSPF configuration, and see if the IP Route table (RIB) will be able to still see a single loopback advertised with a FIB to reference:

 

R2(config)#int s0/0
R2(config-if)#ip ospf pri 0
R2(config-if)#router ospf 1
R2(config-router)#network 172.12.123.0 0.0.0.255 area 0
R2(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int s0/2
R3(config-if)#ip ospf pri 0
R3(config-if)#router ospf 1
R3(config-router)#network 172.12.123.0 0.0.0.255 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 3
R3(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

R1(config)#router ospf 1
R1(config-router)#network 172.12.123.0 0.0.0.255 area 0
R1(config-router)#neighbor 172.12.123.2
R1(config-router)#neighbor 172.12.123.3
R1(config-router)#

Very simple, nothing tricky, I prefer to start at the spokes to set ip ospf pri 0 on the interfaces before interacting with R1 but I could have started with R1 then “clear ip ospf proc” to get the election rigged back in R1’s favor and this is an NBMA so need the “neigbor” statements in R1’s configuration.

*Mar 31 13:29:02.836: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from LOADING to FULL, Loading Done
*Mar 31 13:29:02.880: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from LOADING to FULL, Loading Done

Adjacencies are now up, lets check it out:
R1(config-router)#do sh ip cef
%CEF not running
Prefix              Next Hop             Interface
R1(config-router)#do sh ip route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:00:56, Serial0/0
     172.12.0.0/24 is subnetted, 2 subnets
C       172.12.15.0 is directly connected, FastEthernet0/1
C       172.12.123.0 is directly connected, Serial0/0

To my surprise it does, showing that even though it references the FIB for packet switching / routing, it does not NEED it. I though I could explain this away as the Adjacency Table (AT) playing some role, but it does not run if CEF is not on:

R1(config)#do sh adj
%CEF not running
R1(config)#do sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/DROTHER    00:01:46    172.12.123.2    Serial0/0
3.3.3.3           0   FULL/DROTHER    00:01:46    172.12.123.3    Serial0/0
R1(config)#do ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
R1(config)#

So that is something to note, I am not quite sure what impact CEF being off will have on the IP routing tables decisions, but it seems to survive quite well even without the FIB.

Layer 2 information is kept in the Adjacency Table (AT), and you can see the info with either “sh adj” or “she adj detail” as seen below this time from R5 who I configured OSPF on as well, as the output from IOS 15.x is slightly different than 12.x for this table:

R1(config)#ip cef
R1(config)#do sh adj
Protocol Interface                 Address
IP       Serial0/0                 172.12.123.3(7)
IP       Serial0/0                 172.12.123.2(5) (incomplete)
R1(config)#do sh adj detail
Protocol Interface                 Address
IP       Serial0/0                 172.12.123.3(7)
                                   0 packets, 0 bytes
                                   1CB10800
                                   FR-MAP     never
                                   Epoch: 0
IP       Serial0/0                 172.12.123.2(5) (incomplete)
                                   0 packets, 0 bytes
                                   1CA10800
                                   FR-MAP     never
                                   Epoch: 0
R1(config)#

Incomplete is not something we want to see, because that means something is wrong between Layer 2 and Layer 3, and in this situation I took off R2’s interface IP address, however the local router still has a frame-map statement to it knowing of it’s existence.

So if you see this in the adjacency table, you will want to verify the Layer 2 and Layer 3 connection information to the destination, as this is telling you bluntly it is incomplete.

Now, going back to the “sh ip cef” output and how to determine it and drill down:

R1#sh ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
1.1.1.1/32          receive
3.3.3.3/32          172.12.123.3         Serial0/0
172.12.15.0/24      attached             FastEthernet0/1
172.12.15.0/32      receive
172.12.15.1/32      receive
172.12.15.5/32      172.12.15.5          FastEthernet0/1
172.12.15.255/32    receive
172.12.123.0/24     attached             Serial0/0
172.12.123.0/32     receive
172.12.123.1/32     receive
172.12.123.2/32     172.12.123.2         Serial0/0
172.12.123.3/32     172.12.123.3         Serial0/0
172.12.123.255/32   receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive
R1#sh ip cef 2.2.2.2
0.0.0.0/0, version 0, epoch 0, attached, default route handler
0 packets, 0 bytes
  via 0.0.0.0, 0 dependencies
    valid no route adjacency
R1#sh ip cef 3.3.3.3
3.3.3.3/32, version 16, epoch 0, cached adjacency 172.12.123.3
0 packets, 0 bytes
  via 172.12.123.3, Serial0/0, 0 dependencies
    next hop 172.12.123.3, Serial0/0
    valid cached adjacency
R1#

First, every router running CEF will have a default route at the top of its Prefix list (0.0.0.0/0) which if none is set on the local router, it will point to the packet trash can Null0 (drop the packet). If there is no valid next hop to the right of the default route, then it doesn’t have one, unlike R2 which just got a default route put on it to demonstrate:

R2#sh ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           172.12.123.1         Serial0/0
0.0.0.0/32          receive

Second, I accidentally entered “sh ip cef 2.2.2.2” instead of 3.3.3.3, and notice it still gives me output of how that network will route through the default route which isn’t set, so packets going to that network will be discarded.

Finally, when doing “sh ip cef 3.3.3.3” on the correct network, it shows “valid cached entry” which is what we want to see as that means the route entry is good to go.

A quick but important side note, note I said “network” and not “route” above because you want to use the network NUMBER and NOT the specific IP address you want details on:

R1#sh ip cef 172.12.15.0
172.12.15.0/32, version 5, epoch 0, receive

Not much to it as this is a directly connected route, so the output is much more limited than that of a dynamic learned route, but what about a state route?

R1(config)#ip route 5.5.5.5 255.255.255.255 172.12.15.5
R1(config)#do sh ip cef 5.5.5.5
5.5.5.5/32, version 18, epoch 0, cached adjacency 172.12.15.5
0 packets, 0 bytes
  via 172.12.15.5, 0 dependencies, recursive
    next hop 172.12.15.5, FastEthernet0/1 via 172.12.15.5/32
    valid cached adjacency

Same output as a dynamically learned route, Valid Cached Adjacency is good!

Now let us dive into the glory of another IMPORTANT verification command:

R1#sh ip int s0/0
Serial0/0 is up, line protocol is up
  Internet address is 172.12.123.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is disabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled

Not only can you verify CEF is running which I’ve highlighted in red, but you get SO much more information highlighted in blue, like MTU size set / ACL’s in/out / Multicast Groups – I can tell this is an OSPF DR because it’s on the all OSPF routers multicast group and the all-DR OSPF routers group!

It’s the “ip” in the command that makes the difference, just like you need “ipv6” before any command to do with ipv6 configuration, you should get used to using “ip” follow “show ip (something)” to get a list of IP services running!

To round off this discussion of CEF, I’d like to hit on “Process Switching vs Fast Switching”, as CEF uses what is known as Fast Switch which is a huge improvement over Process switching (obviously by the name of it).

Process switching examines every packet as it comes in, whereas fast switching exmaines only the first packet of a packet flow in its switching cache on the router, so when packets come into the router it can quickly compare against that cache to then forward the packets.

So fast switching checks the first packet against that cache to look for an entry, and if there is a matching entry, the packets are forwarded.

On an interface, to enable fast switching, “ip route-cache” on the interface level config, and to remove it “no ip route-cache”.

And with that, I need to go get some food and get into IP SLA, as we are in for another long night leading up to test day!